This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core131 has been created at e7a52c52d109e044bcce0ca52eb0b5a94c2ec03a (commit)
- Log -----------------------------------------------------------------
commit e7a52c52d109e044bcce0ca52eb0b5a94c2ec03a Merge: 08639bc2a 9e65aa9ed Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Apr 20 17:35:54 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 08639bc2a90ca945e710f5ca13556a50458f0056 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Apr 20 17:21:03 2019 +0200
kernel: update 4.14.113
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5fa063f8590dcd85867935fd6d1a6bd570ac61c6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Apr 17 22:30:19 2019 +0200
kernel: update to 4.14.112
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 26dc79a6fe16c83c5b57f4b6c7c3f73281a03d6c Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 17 21:24:25 2019 +0100
suricata: Do not let oinkmaster be too verbose
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e96adc77972108de9cb8b4b6c0f7fbad07b76035 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 17 20:59:55 2019 +0100
suricata: Redirect oinkmaster output to perl function
The output was written to stderr before and landed in apache's error log where we do not want it.
Fixes: #12004 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9e65aa9ed6d7a3a489c58a6f966eac34972c68f8 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 17 19:15:44 2019 +0100
Revert "hostapd: Always enable 80 MHz channel width for 802.11ac"
This reverts commit c31c8078cffcf3f933f567cb02a366ceedd6d5da.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c25a386523c305615641a1810bcc3b009bc3cf07 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 17 07:38:27 2019 +0100
unbound: Drop unused function
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 64aed99df6ba3b057c35ebb6b9278a13ae5e575d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 17 05:16:05 2019 +0100
suricata: Change runmode to workers
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e91c83490be8d248796d50b0c9bca3976199551c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Apr 16 18:05:18 2019 +0200
wireless-regdb: update to 2019.03.01
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fea27a56f7ef299fa2793971ef6e49f3a423fdc3 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 16 13:23:17 2019 +0100
haproxy: Backup certificates, too
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 175f5c060ea8b967bc3020b376385d5b71116e92 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 16 13:22:10 2019 +0100
backup: Allow passing name of tarball for creation/restore
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 820b2909825479b52696886d1f9054c0f709d3f0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:32:57 2019 +0100
Move IPS to a higher position in the Firewall menu
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0851afba33bf8f1a4562a7e755bec5af23d4d03e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:24:28 2019 +0100
remote.cgi: Move SSH Agent Forwarding to the top
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5e39f3c08a4a6e9f402b18c267fe82595cb0596b Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:22:14 2019 +0100
sshctrl: Fix syntax of generated sed command
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e8b389e0f0a88f064c192305e8bbbc366300af24 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:02:57 2019 +0100
core131: Ship PTR changes in hosts.cgi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 316d14c43ad3b0b27cfa6984d8253e8f9255a87c Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 23:00:25 2019 +0100
Update list of contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6874a5765b887b51e324e1afbddc4516d66a710f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 18:04:00 2019 +0000
Unbound: do not generate PTR if the user requested not to do so
Partially fixes #12030
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b2ec053c25b80843958864d4305b3108b55dd3c Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 22:58:35 2019 +0100
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c3c2ae4475a0e99a6163027405a45a1e2b4fa8b6 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 18:04:00 2019 +0000
add option for selective PTR generation on hosts.cgi
In some cases, it might be useful to create an additional host (i.e. for round robin loadbalancing) without assigning another PTR to the IP address specified.
This patch introduces the ability to check or uncheck PTR generation for each host individually.
Partially fixes #12030
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 32e7b93c284fe02450e28f431453621537214a03 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 21:59:41 2019 +0100
udev: Rename interfaces when MACs are uppercase
The script relied on the configuration being in lowercase.
If people manually edited their configuration file they might not have paid attention to this and therefore this script now also accepts uppercase MAC addresses.
Fixes: #12047 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dccbdf5b97130f72b4d0bb26d962ffcda8121a51 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 12 17:59:21 2019 +0100
suricata: Take as much off of the CPU as possible
https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performan...
This will compile the ruleset as efficiently as possible and allows the IPS to run faster on smaller systems.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2c44da1382dfffb311b15250b9e02784b826dff2 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 10:29:56 2019 +0100
core131: Ship updated setup
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0d34a479c878cd775e541601b2a72238eb3f7546 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 12 18:21:01 2019 +0200
ids.cgi: Display oinkcode section after page load when necessary.
Fixes #12048.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d51d3c5b93886a66b75388d029e35eb07d9b06eb Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 12 17:36:54 2019 +0100
IPS logging: Fix date comparison for last entry
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2eb0c326da2196c56f6f955bf5371e5d8c7ca9db Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 12 17:33:39 2019 +0100
IPS logging: There is no distinction between suricata & snort required
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 19c066b602a12fcce601cfa2350b0d83b231717c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 12 17:32:02 2019 +0100
IPS logging: Fix reading date
The CGI script only compares mm/dd and does not care about the year.
Suricata, however, logs the year as well which has to be ignored here.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a32c219fa4642127a97050bf5af60a03e4e5c2f8 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 11 07:55:36 2019 +0100
zabbix_agentd: Bump package version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 41b7369f8078d5dc4998483fa005b2f8e3b89624 Author: Alexander Koch ipfire@starkstromkonsument.de Date: Wed Apr 10 20:33:31 2019 +0200
zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user
Files containing a '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d. This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this.
See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_w...
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 854b63c42af8f82106b587dc43945ad848f8994e Author: Alexander Koch ipfire@starkstromkonsument.de Date: Wed Apr 10 20:33:30 2019 +0200
zabbix_agentd: update to 4.2.0
Release Notes: https://www.zabbix.com/rn/rn4.2.0
Signed-off-by: Alexander Koch ipfire@starkstromkonsument.de Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a45bfbf1c5a8a7c10ad4bdcb5ed559ed38a796c5 Author: Stéphane Pautrel stephane.pautrel@gmail.com Date: Thu Apr 11 03:47:44 2019 +0100
installer+setup: Update French translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3e11f8257dfe003aaad20d7ca73e3bc831131a96 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Apr 11 07:34:14 2019 +0200
make.sh: fix syntax error
I have merged master>next and not deleted this line.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d27675b08175ed7969d842fdc64f157797911faa Merge: a2907cdd9 ee82349a0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Apr 11 07:31:11 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit a2907cdd9fba3a6ce6af8cc75c656daf1fa43dc0 Merge: 4f30ce49b d01d68913 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Apr 11 07:30:26 2019 +0200
Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ee82349a0ea00866d731936e769fab9441690932 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 8 20:20:18 2019 +0200
convert-snort: Re-order steps at end of script
This will ensure that the whole IDS is configured properly, if no or an empty snort config file is present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e4bc9b8b6fa0cc0d67d2f698e2bdd5d41af49f05 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 8 20:02:53 2019 +0200
convert-snort: Fix logic for detecting enough free disk space.
The subfunction will only return something if the check fails - so the logic of the if statement was set wrongly and the downloader was only called if this check failed and too little disk space would be available.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ee53381ab167b195d2d4d94da3d2a3d4a024288d Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 8 20:53:47 2019 +0100
core130: Ship SSH Agent Forwarding changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f9de28e6f0ca455aacca3b0fc30722b88d542630 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 16:35:00 2019 +0000
change AllowAgentForwarding in SSHD configuration if necessary
Fixes #11931
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e918b62ae223b31f459ca5843d291532f5188faf Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 16:35:00 2019 +0000
allow SSH agent forwarding to be configured via WebUI
Fixes #11931
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e1f6dfcbbc3c34130027ffe113488f5f3d9c9557 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Apr 8 16:34:00 2019 +0000
add language strings for SSH agent forwarding settings
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4f30ce49b3c2375d52e7358d12a6235c3e35997d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Apr 8 21:49:20 2019 +0200
rename core130 -> core131
we need to insert a core update to fix urgent bugs
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f2afd5e70dc1c95c13aa75b0acf3da072d714af8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Apr 8 21:47:23 2019 +0200
kernel: update to 4.14.111
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 47204d12f1387502612e8a66b4a1a8a853e33ebf Merge: 5f9bf17d7 918ee4a4c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Apr 8 21:47:12 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 918ee4a4cf5bb8d2a3ade16aac0dd643215c47e2 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 8 16:41:24 2019 +0100
strongswan: Manually install all routes for non-routed VPNs
This is a regression from disabling charon.install_routes.
VPNs are routing fine as long as traffic is passing through the firewall. Traps are not properly used as long as these routes are not present and therefore we won't trigger any tunnels when traffic originates from the firewall.
Fixes: #12045 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5f9bf17d76e43b1ee0bb4b880a9aa001844e4d4a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Apr 8 16:18:00 2019 +0200
core130: update pakfire database after version change
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c557356ea4878f7f6d0d9431246bfc8e75018672 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 8 11:56:58 2019 +0100
core130: Ship perl-Net-SSLeay
This was still using the old version of OpenSSL.
Instead of linking the module (which we should have found earlier) the module uses dlopen :(
Fixes: #12044 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0265f51e9f5b2635e9df6243f913d6043cde0af6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Apr 7 18:19:50 2019 +0200
core130: remove lm_sensors config
the sensor search has to be redone after booting the new kernel.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ca7af382032b3542584fb07b3fabe3976063e551 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Apr 7 17:24:46 2019 +0200
core130: ship setup binary
The setup contains an IPFire version string.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 44b0afe0298941eaeca862ad14c0f965103e158c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Apr 7 17:13:43 2019 +0200
core130: ship pakfire version update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 83c956c3c8d0bc60c2c6fa23f53bd68f6ac6d3ff Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Apr 7 17:01:08 2019 +0200
core130: add kernel to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f40cd26de2a0353fca1fdee407cfce153b16c76d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Apr 6 06:04:00 2019 +0000
Postfix: update to 3.4.5
See http://www.postfix.org/announcements/postfix-3.4.5.html for release notes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ee44d509b61eea858e38e8a4f1f57db6f9940cf3 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 5 21:55:12 2019 +0200
wget: Update to 1.20.3
For details see: https://fossies.org/linux/wget/ChangeLog
Excerpt from "NEWS":
"2019-04-05 Tim Ruehsen tim.ruehsen@gmx.de
Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger size if it is already full"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f903d3a6f0c4a3f2e5251fda7ea2d1b788606294 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 22:01:54 2019 +0100
suricata: Disable CPU affinity
Benchmarks have shown that this is making the IPS slower across various hardware
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aa20f1b27727e8ed3d3d164eb3a66faa4ea0d4a4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Apr 5 07:46:34 2019 +0200
kernel: update to 4.14.110
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit aab33d48450aedf20409fe187f573d74eb60f95d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 09:05:25 2019 +0100
core130: Do not search for sensors on AWS
This causes some i2c drivers to load and tons of error messages being created in syslog. So we skip searching for any sensors that do not exist.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ab79dc43bf66f66b0c34a10158d46e4727d4df6a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 11:52:30 2019 +0100
vpnmain.cgi: Set MTU to a default when editing an old connection
This field is required and therefore we need to initialize it for old connections. Right now, the CGI throws an error message when editing an existing connection without the MTU being filled in.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aeecc7ae1025f93bae421c13cf05c612bd3e6241 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 02:07:16 2019 +0100
core130: Ship updated wget
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7dd81936843944f0bd6fa35b95532bc0039b578f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Apr 4 09:43:50 2019 +0200
wget: Update to 1.20.2
For details see: https://fossies.org/linux/wget/ChangeLog
Excerpt from "NEWS":
"* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0ce95859da727188019a95d855a3053ce2bf8985 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 02:06:41 2019 +0100
core130: Ship updated nettle
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a4cc65bc4866583be8c625c33f20d7429a25a400 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Apr 4 09:37:25 2019 +0200
nettle: Update to 3.4.1
For details see: https://fossies.org/linux/nettle/ChangeLog
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c95ba2bbcc0b6c0b037f058a4395027f93dc093a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 02:05:52 2019 +0100
core130: Ship updated GnuTLS
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 34bbcff61f2de1fa76e4be20371d276f304277da Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Apr 4 09:31:00 2019 +0200
gnutls: Update to 3.6.7.1
For details see: https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html
Please note: A few days after the "3.6.7" release, "3.6.7.1" came out.
See: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
But the compressed directory version is still versioned 3.6.7.
Because of this, the fourth (sub)-version number required some lfs adjustments.
And: This version requires "nettle 3.4.1", which is sent in another commit.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ef1cb80375ca736b2aca12f2bbba2b5ffe7216de Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 02:04:28 2019 +0100
core130: Ship updated apache
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5f2e713ec888dfbbcdb609ee61e846c060ded96c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Apr 4 09:15:00 2019 +0200
apache: Update to 2.4.39
For details see: http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 72995596119e76e1c41395f21c097643bff44be6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 4 02:00:29 2019 +0100
freeradius: Fix extra whitespace
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit df95c62f3a26a71c41610df0ad49a590dc3abbb8 Merge: 94f89b821 0e54ca260 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Apr 3 21:53:22 2019 +0000
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 94f89b821e0307f69bd99b19ca895219d779fabc Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 3 21:52:04 2019 +0000
freeradius: handle special LDFLAGS to configure
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0e54ca260288079e008393a1d2fc5cc8b9cdb7e7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 3 00:42:19 2019 +0100
pcengines-apu-firmware: New package
This package ships the latest BIOS for PC Engines APU boards.
With help of the firmware-update package, this can be very easily updated when running IPFire.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2aca6aa061c2f680b46aea2dbeb36e4678ed57a3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 3 00:33:44 2019 +0100
firmware-update: New package
This is a script that can update firmware on PC Engines APU systems
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 82d176d33bc2839ea31028b9f7dfb6d60f3860af Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 3 00:26:13 2019 +0100
flashrom: New package
This is required to flash firmware
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 48d3cde9cec7add38fb3c62dd66079c5b2fec5aa Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 1 21:58:23 2019 +0100
kernel: Disable some debugging in expectation to increase performance
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 474a6a59785123b7cdd645447f43c52307a6f6ba Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 1 21:55:03 2019 +0100
kernel: Enable strict checks for /dev/mem
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4038d70b768910c5dc5b2ce2c09e3e5b687064dd Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 1 21:35:56 2019 +0100
freeradius: Fix build on armv5tel
Reported-by: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 84fca55b3373f5acc3821b6a8e050bce89b679e8 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 1 16:53:50 2019 +0100
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d38f3eed08d71343cc16de61373860e5aa7efcfd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 1 17:32:34 2019 +0200
IDS: Rename sourcefire VRT rulesets to Talos VRT rulesets
Fixes #12019
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 78c8fe06a5841101c04c7a8e9f1117501f5fd6fc Merge: d00d788be 56f4ba9b0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Mar 31 18:36:44 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 56f4ba9b017008584c132fdcca41557002a1d8f3 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Mar 31 13:29:45 2019 +0100
Update borgbackup to version 1.1.9
Fixes: #12016
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d00d788be47b9c17bc792be2c90d4c81a3ced544 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Mar 31 11:46:34 2019 +0200
kernel: update to 4.14.109
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3005eb2234e5875389011d247785909d5f044c74 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 30 16:56:56 2019 +0100
kernel: update user regd patch from openwrt
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c955ae653ae8421621c49092fd3057ed99e0a4b1 Merge: 9f52e3506 c31c8078c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 30 16:55:35 2019 +0100
Merge remote-tracking branch 'ms/dfs' into next
commit 9f52e35066b3fa8603e85784b7ede0532afc66e6 Author: Erik Kapfer ummeegge@ipfire.org Date: Fri Mar 29 10:44:43 2019 +0100
freeradius: Update to version 3.0.18
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 10945e38f36893cba8f6c28c8756fa8741c08118 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Mar 27 20:54:10 2019 +0100
clamav: Update to 0.101.2
For details see: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b666975ec292fec239aa6023dc79abf5538c9d95 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 28 12:51:06 2019 +0000
unbound-dhcp-leases-bridge: Replace leases file atomically
When there is a large number of leases, writing the file may take a long time. When unbound is re-reading its configuration in that time, the file might be syntactically incorrect.
This change writes the file first and then moves it to the right place in one transaction.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 35cdc506b06ed2e5fc8f7ad7fe57239eaadbda58 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 26 21:58:01 2019 +0000
suricata: Enable CPU affinity
This will tie the detection threads to a certain CPU and slightly increases throughput on my system.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d093b810552339a6a7df774412c8e144f799331 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 26 21:18:45 2019 +0000
suricata: Tie queues to a CPU core
This should improve performance by a small margin
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit effa44650ebc227d99a3781ba962e015a3430d3a Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Mar 26 07:15:16 2019 +0100
nginx: Update to 1.15.9
Fixes #12023. Added support for http2.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2547e73e6b1c2e24e631140f328eeb49deddb6f9 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 22 07:28:23 2019 +0000
freeradius: Bump version because package is linked against old version of OpenSSL
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3657df4ea3b74b9aa7bc631106b2e3684a0bfe72 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 22 03:28:23 2019 +0000
DHCP: Remove double colon
In some languages, there were double colons in the DNS Update section
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit abe21498524bce327404febe644b1361267d0957 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 22 02:58:57 2019 +0000
GeoIP: Do not crash when locations database does not exist
Fixes: #12021 Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d4767896cb27880c2e042ffd49bdbcf7b99a2c64 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 21 20:50:30 2019 +0000
make.sh: Build libedit very early
Many packages can make use of this
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3210e92212b70ab886fe31847c6397a273e784e6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 21 20:48:39 2019 +0000
core130: Ship updated lua
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6bc94afa0d36ecaa4691eaa4dbefa4322861893f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Mar 24 18:34:37 2019 +0100
lua: Update to 5.3.5
For details see:
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 67b943c18a36aa9801684ca85ac3390292651e87 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 21 20:39:51 2019 +0000
core130: Ship rrdtool and collectd
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b3a7120c1556bd060caf894fa0b4a5084fc7436a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Mar 24 18:21:20 2019 +0100
rrdtool: Update to 1.7.1
Disabled 'lua' because otherwise building failed.
I didn't find any place or reason where 'lua' was used by 'rrdtool', so it was deactivated.
Disabling had no noticeable effects by now. Running.
Please note: '/usr/lib/collectd/rrdcached.so' and '/usr/lib/collectd/rrdtool.so' have to be updated, too.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b6c60092db15360cd51091b9f5bcff637ee2ea7c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 22 15:22:43 2019 +0000
openvpn: Remove subnet check for static pools
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fd0b2742bf217cbacacd4725a2bd9ad4ec1b6aaf Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 04:38:41 2019 +0000
dnsdist: Update to 1.3.3
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aac6015042e28730982d643425f768f46dc9c603 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 02:54:37 2019 +0000
dnsdist: Install some symlinks to start the service
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b8ff1ccb6506942485ff221e13d163691109a6c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 02:54:15 2019 +0000
dnsdist: Add backup include
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit af2dc11c921062608c4537368885eb195f54c177 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 23:09:11 2019 +0000
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b60fd7a3e2640d7da41a3bdb875669c302849acc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 18 20:33:28 2019 +0100
Core 130: Remove files after convert-snort has been launched
The converter requires /etc/snort/snort.conf to grab the used rule files (categories). After all settings have been converted, we are fine to delete all snort related files, because none of them is needed anymore.
Also the /var/ipfire/snort directory needs to be deleted. If it is left on the system and at any later time a backup gets restored, the converter will be started by the backup script, because it detects that a snort settings dir exists, and would restore the old snort settings and replace all current IPS settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ceaf0ef0087abb09e9cca1677c67776cf76ce417 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 17:26:16 2019 +0000
dnsforward.cgi: Add DNSSEC option to legend
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 08ded6035f61ed97e3a122dc1832703084b72f86 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 15:35:29 2019 +0000
dnsforward.cgi: Check DISABLE_DNSSEC checkbox when editing
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3b521c724f09a45e09ac9228d8b65df0d8bd13a7 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 18 15:24:56 2019 +0000
ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c31c8078cffcf3f933f567cb02a366ceedd6d5da Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Mar 13 18:37:28 2019 +0100
hostapd: Always enable 80 MHz channel width for 802.11ac
This is mandatory to support by all hardware and works well.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 70a7c454af4a6a9ef7245def2f77119520de85af Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Mar 13 18:24:01 2019 +0100
hostapd: Automatically disassociate any clients with high error rates
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 30c33cb318cc399b32c9c06d99e88c52ba957ea9 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:07:11 2019 +0000
kernel: Enable debugging for Atheros drivers
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 62bf7bd2b2cba74cd7838014cdf3380611690d60 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 8 11:05:26 2019 +0000
kernel: Enable DFS support for ath*k drivers
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 57521504a89e792336f55e893564a000bfe4b1d7 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:34:19 2019 +0000
hostapd: Bump package version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b4464a94478059ceebf266bc31dee4a4ba18fac Author: Peter Müller peter.mueller@ipfire.org Date: Sat Mar 16 14:20:00 2019 +0000
hostapd: make client isolation configurable via WebUI
hostapd supports client-isolation, but this feature could not be configured via the WebUI so far. Since it might be desired in public wireless networks, or even private ones, it makes sense to provide a radio button to let the user decide on.
Fixes #11974.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a10b0e5b448bf7e4a9bcc334e177ddae09806dc7 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Mar 15 17:00:00 2019 +0000
ensure Tor daemon files have correct permissions
Set permissions for /var/lib/tor and /var/ipfire/tor to tor:tor, regardless whether Tor user has been created before or not.
This ensures Tor starts properly on existing systems after reinstallation of the add-on. Thanks to Michael for the hint.
Further, a comment for new Tor user in /etc/passwd has been added.
Fixes #11779.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a46903cce3863923838c5cc0721f4932adf2175d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:32:10 2019 +0000
core130: Ship updated unbound
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6f8b156bf0dcda4a1bb8ccdc8db83a54b2d7d1d0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Mar 15 19:15:19 2019 +0100
unbound: Update to 1.9.1
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-March/011415.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2c703afc04448f15f9ad6b9c90be216bad256532 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 12:30:22 2019 +0000
core130: Ship updated ntp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f81c2225198b894c180cf36b6ee2cd6c0ea3849d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Mar 15 19:10:11 2019 +0100
ntp: Update to 4.2.8p13
For details see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 728f3d2e8f3d26e80154236c6d67e303e1f7f3b9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 16 13:04:18 2019 +0100
suricata: Fix ownership and file permissions of files inside /var/lib/suricata.
These files need to have nobody.nobody as owner but require read-access from everyone to allow the suricata user reading-in these files during startup.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7bf5b0f22194fcb617f3e678c4a1c492b0faf01d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 16 12:57:25 2019 +0100
logs.cgi/ids.dat: Fixup processing dates from logfiles which contain a year
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e1d9148b61bc973ac1fef063b58500de4d881d7e Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 16 10:00:19 2019 +0000
Fix python3-yaml rootfile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9c4477d0f394af12f51d74e52d1a1c85cd13b289 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 15 15:33:29 2019 +0100
core130: Fix another error in rootfile
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 03f68cbca90d9c1bc0b55c2f5aa4698a5d9d3eab Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Mar 15 13:20:23 2019 +0000
core130: Fix errors in rootfile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 710afa00c6e1441ba45f3fdda2feaf613ffd0033 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 16:52:38 2019 +0000
Update IPS translation
* Fix typos * Fix compound nouns (especially in German) * Remove unused strings
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit acb718b0bbfdf2b15bcc95abce2f4a7c23392362 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 14:01:45 2019 +0000
nut: Disable parallel build
nut just fails to build when running in parallel
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f9219b91a1f4648f6c2db9e3699169bb797e79c1 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:48:25 2019 +0000
core130: Ship suricata
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3bc001dbf976a89dcf4fc15912b472073c9e45db Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:20:56 2019 +0000
Update contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cdfbdd1ada37183769c0b245218faff2cd300ac6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:20:22 2019 +0000
Update translations
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 01604708c386da93713cffadb3d5d40665f62ec9 Merge: c578cbd35 e776d33c7 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:19:35 2019 +0000
Merge remote-tracking branch 'stevee/next-suricata' into next
commit c578cbd35f8af09f452326ce643d13e92ddaed99 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:16:33 2019 +0000
core130: Ship updated firewall script
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5fc5f703470b37b43e18be66da0fb181696428a7 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Mar 11 20:07:00 2019 +0000
add IPtables chain for outgoing Tor traffic
If Tor is operating in relay mode, it has to open a lot of outgoing TCP connections. These should be separated from any other outgoing connections, as allowing _all_ outgoing traffic will be unwanted and risky in most cases.
Thereof, Tor will be running as a dedicated user (see second patch), allowing usage of user-based IPtables rulesets.
Partially fixes #11779.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4680d554fc52813b9e2a1bae3888d0b34dfbb5ad Author: Peter Müller peter.mueller@ipfire.org Date: Mon Mar 11 20:07:00 2019 +0000
run Tor under dedicated user
This allows more fine-granular firewall rules (see first patch for further information). Further, it prevents other services running as "nobody" (Apache, ...) from reading Tor relay keys.
Fixes #11779.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b450e7e3e6f47734e7282bf37953912b9ef6c740 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 14 13:15:03 2019 +0000
Start Core Update 130
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e776d33c7018a314acfb8909e9581a26d544d7e7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 13 12:14:30 2019 +0100
suricata: Fix amount of listened nfqueues
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e8b1b397c1dd4b158520b8c7905cd66b864c1051 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 13 10:03:48 2019 +0100
suricata: Remove unneeded stuff during build
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f717b1dc55595b4353fd7d3b44a057d282d19b62 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 10 18:52:40 2019 +0100
IDS: Set owner of suricata logging directory to correct user
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fd378b3b08f8458fd7c32e9eb0e2566de53ed02a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 10 18:50:37 2019 +0100
Rename snort user and group to suricata
This only affects new installations.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 38081b8be19b56b7298d5a01e7218b774759406c Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 2 17:26:34 2019 +0000
suricata: Run as non-root user
This patch does not have any effect (yet) and is untested because suricata needs to be built against libcap-ng which is currently not being packaged for IPFire.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2bec60c34725c759c98f4da276fc8149162b3397 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 10 17:34:03 2019 +0100
suricata: Update to 4.1.3
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1fbf0788bf66da1b93774a19d4b0db52b0fdfc73 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 10 13:27:52 2019 +0100
Move IDS/IPS menu entry to firewall section
Fixes #12011.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b051eb68b6c12f619b1c3a76009d41ad59550b6b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 3 15:10:02 2019 +0100
libcap-ng: New package
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 26c758cf4870d834dfe4d20bb2ce76f701befd61 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 2 17:18:39 2019 +0000
suricata: Drop parsers I have never heard of
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8efbd71caad61912817c5cf28974364a34dc6390 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 2 17:18:38 2019 +0000
suricata: Configure HTTP decoder
This will now scan all request and response bodies where possible and use up to 256MB of RAM
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 96495c9aa2a46896ebb5cbbdfa5fd4b961864215 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 2 17:18:37 2019 +0000
Revert "Suricata: detect DNS events on port 853, too"
This reverts commit ad99f959e2b83dd9f1275c1d385140271c8926ae.
It does not make any sense to try to decode the TLS connection with the DNS decoder.
Therefore, 853 (TCP only) should be added to the TLS decoder.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5d04cfe7d582bc58a4e4f9995fe5f67fcc456456 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 19:37:38 2019 +0000
suricata: Use highest bit to mark packets
We are using the netfilter MARK in IPsec & QoS and this is causing conflicts.
Therefore, we use the highest bit in the IPS chain now and clear it afterwards because we do not really care about this after the packets have been passed through suricata.
Then, no other application has to worry about suricata.
Fixes: #12010 Signed-off-by: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c9ee3592f00f0edc9467643a27ba1505cc8f879a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:25 2019 +0000
suricata: Fix syntax error
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 99d75ac72e66928f5218c222b0b3fd8fbfba179f Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:24 2019 +0000
suricata: Start capture first and then load rules
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 890f1bf2954328f5e811757754d815dedf6f92c1 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:23 2019 +0000
suricata: Disable decoding for Teredo
This decoder is not very accurate and Teredo has been disabled in Windows by default. Nobody will use this.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0b340f0938e5f292f74f5f2e60b3d46d473f2096 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:22 2019 +0000
suricata: Increase memory size for the stream engine
This change also ensures that suricata has a decent number of streams preallocated to be able to handle any bursts in traffic.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ab1444b4f4b9324e96fbb240929334b27611e12f Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:21 2019 +0000
suricata: Log to syslog like a normal process
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 47cb057145c76d5faf7987de9e779bf07a029336 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:20 2019 +0000
suricata: Use up to 256MB of RAM for the flow cache
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7eed864c93d143ef943b9f3f8bdf7b40a440cb71 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:19 2019 +0000
suricata: Use 64MB of RAM for defragmentation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 83b576c892c82652b0b56efc200e52fd1dee30f9 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:18 2019 +0000
suricata: Use the correct path for the magic database
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0e28ea9f3e72e0f4db9274c3b7021711d0c0c258 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:17 2019 +0000
suricata: Log to syslog
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 682f1fdaca919284af877894aecd1282595c1430 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:16 2019 +0000
suricata: We do not use any IP reputation lists
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cf976e93c419d2c268979397ec87e05a2b8b7636 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:14 2019 +0000
suricata: Allow 32MB of RAM for DNS decoding
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fe5bd1862f2dfce5b3123ed2d2bbb5a360f1cd40 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:12 2019 +0000
suricata: Drop sections that require Rust
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bc2cb52953c92ad9209576de316f2076cfdb4caf Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:11 2019 +0000
suricata: Drop some commented stuff from configuration
The file is really large and we should not carry anything we will never use.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 75fba6cd248af6925d62452c15d4a21a2a7a204a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:10 2019 +0000
suricata: Drop profiling section from configuration
This is not compiled in as it slows down detection and is only really useful for debugging
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5196d8ddbb097c4485a01a0fee58ade94b7255ac Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:09 2019 +0000
suricata: Set detection profile to high
This will merge rules more aggressively so that the engine is only processing those that can actually match.
Memory is cheap. People with little memory should not run suricata anyways.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9f726f8f536fb271e00c51ca7d10dac143dd3045 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:08 2019 +0000
suricata: Set default packet size to 1514
We usually use a MTU of 1500 + Ethernet header
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 16446608cbe53bcd0873ed48b907b697441d31d1 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Feb 28 14:28:07 2019 +0000
suricata: Set max-pending-packets to 1024
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1f3c61b66c77898707791519b837e61b1d2e6ad0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Feb 22 20:16:00 2019 +0000
Suricata: detect TLS traffic on port 444, too
This is the default port for IPFire's administrative web interface and should be monitored by Suricata, too.
Signed-off-by: Peter Müller peter.mueller@ipfire.org c: Stefan Schantl stefan.schantl@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cc636c4741e7928276a1a5c7048b4fc0693c7f23 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 22 10:04:27 2019 +0100
convert-snort: Try to download ruleset if none is present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5d7d8749dc005bd883e3b7d53d953f334cdea5b4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Feb 18 13:33:41 2019 +0100
convert-snort: Set correct ownership after modify_sids_file has been generated.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d0f9526beb718ca934de9f8cea749bec4b04f3ad Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Feb 18 13:29:47 2019 +0100
ids.cgi: Add language string for ignored hosts section.
Fixes #12002.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 06f57f72309f268d4f6b3490b33912813fbf1f1e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Feb 18 10:28:13 2019 +0000
general-functions.pl: Only skip lines with a # at the beginning
This accidentally dropped all lines that include #. That resulted in colour codes not being loaded from file any more.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7c3b7cdcca852e4f5e5ee46b5291b8ba522535ec Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Feb 18 10:55:27 2019 +0100
ids-functions.pl: Tune rules to always monitor in both directions.
This will allow to scan the traffic from an EXTERNAL_NET to the HOME_NET and from the HOME_NET to the EXTERNAL_NET.
Reference: 10273
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 20b4c4d863d40f4b6cc1fd68eed17d1214a05f9e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Feb 18 10:01:47 2019 +0100
suricata: Switch to "16" as repeat-mark and repeat-mask.
Marks "1-3" are used for marking source-natted packets on the interfaces and 4 up to 6 for TOS and QOS. The mark "32" is used by IPsec.
See commit: f5ad510e3c0f416a1507999f5ad20ab171df9c07
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 77c07352a58a67e88a507feba982fe0f73518f59 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 15 13:26:55 2019 +0100
Suricata: Start service on red.up event if requested
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d215f6e9809e3a7e0b7356c985803291067d923e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 15 12:39:56 2019 +0100
collectd: Stop collecting process details for snort
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0d8cc90f4dead04de7181634377fe11115678f34 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 15 12:18:45 2019 +0100
services.cgi: Show status of suricata instead of snort
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1ef235f08dab44779d3b97854f25e234b6124cab Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 15 11:22:14 2019 +0100
logrotate: Rotate suricata logs instead of snort ones
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 78690361abbff86772850947e1dac97eecfa0648 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 14 12:37:13 2019 +0100
convert-snort: Always create directory and filelayout
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b09c13f1b6276885cfc457fa04896bfd7ba240e6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 14 12:15:41 2019 +0100
convert-snort: Call subfunction to change ownership of rulestarball
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 99b2e30636aa404f9fac355fcbbbe0a2e8f84e0a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 14 11:43:31 2019 +0100
ids-ruleset-sources: Fix rootfile
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c980ac7f2a0ba8ea08797005445328055993e31e Merge: c1c754a12 5368ccb0f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 13 19:46:45 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit c1c754a1211fbe50b7ba5b7a25444bd34b090957 Merge: f3cbcfeff 02a8a241b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 8 09:59:31 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit f3cbcfeff9e8ce263c812a25a24c7f4f14d4a64f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 8 09:56:36 2019 +0100
libhtp: Update to 0.5.29
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4434236e00a6e5fddbf031ca4777d2c00ad34482 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 8 09:55:46 2019 +0100
ruleset-sources: Update sourcefire rulesets to latest snapshot version
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ad99f959e2b83dd9f1275c1d385140271c8926ae Author: Peter Müller peter.mueller@ipfire.org Date: Thu Feb 7 17:47:00 2019 +0000
Suricata: detect DNS events on port 853, too
As DNS over TLS popularity is increasing, port 853 becomes more interesting for an attacker as a bypass method. Enabling this port for DNS monitoring makes sense in order to avoid unusual activity (non-DNS traffic) as well as "normal" DNS attacks.
Partially fixes #11808
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8723bb91aeff7dbbc173c6f7b8052a76203cb0a5 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Feb 7 17:41:00 2019 +0000
Suricata: enable full detection for missing protocols
These are IMAP and MSN, which can be safely enabled.
Partially fixes #11808
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 05a635ec04f1ca7ee85a1511757ef3fea28cdb5c Author: Peter Müller peter.mueller@ipfire.org Date: Thu Feb 7 17:38:00 2019 +0000
Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP ports, as well
Partially fixes #11808
Signed-off-by: Peter Müller peter.mueller@ipfire.org Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5fbd7b29829caf0bcadcccd6f56ead51e2fb812e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 10:33:29 2019 +0100
ids.cgi: Format and show date of the current ruleset again
Fixes #11992
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ee7fe87ea6341f201bad78910d1055ed17560766 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 09:46:01 2019 +0100
ids.cgi: Change name of the button to apply the ruleset changes
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e8ae413a79a9c5eea8952ca42449128d79682216 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 09:02:32 2019 +0100
langs: Remove snort related and unused strings
Fixes #11993.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dd8d6f5ee8c6262b96319b84751a73044be23e39 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 09:00:35 2019 +0100
logs.cgi/ids.dat: Do not call the IDS snort again
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5bd8940d68186e1ad2cbbb376c4bae6d512630bb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 08:51:31 2019 +0100
ids.cgi: Improve shown messages while the IDS is working
Reference #11993
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e566e977f7605758df450c6128d1484cc5fb2a35 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 08:28:29 2019 +0100
Add German translation for "system is offline"
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9074e3d74cc931244892d306b38c298ce8dd0f2b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 08:24:15 2019 +0100
ids.cgi: Lock page while autoupdate script is running
Fixes #11991
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5206a3358d18b8ec9b1ceca3e95a56516ae7b4ab Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 08:06:49 2019 +0100
update-ids-ruleset: Lock and Unlock the IDS page during runtime
Reference #11991
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8076deba79f9bbd4e551fdfe1eb49e8a77b2c19e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 07:59:20 2019 +0100
ids-functions.pl: Add code to lock/unlock ids page while autoupdating the ruleset
Reference #11991
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5f2145eb59d3f0f7cbc70cd4f071302fd56213ea Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Feb 7 07:44:11 2019 +0100
ids.cgi: Show "Update Ruleset"-Button only if automatic updates are disabled
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f6eb1a40a00625b7a83984461242e86347e48579 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 15:59:02 2019 +0100
aliases.cgi: Handle suricata related actions when dealing with aliases
When working with aliases (adding/modifying/removing), the file which contains the HOME_NET declarations needs to be re-generated and suricata requires a restart afterwards.
Fixes #11990
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8117fff863431671939d5aa1c11c0a84e56298a2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 15:23:46 2019 +0100
IDS: Call helper script when red interface gets up
The helper script will be automatically called when the red interface gets up and will re-generate the HOME_NET file, to take care if the IP-address of this interface has changed.
Fixes #11989
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d8f19ebb5accbf4e850e881fbd0be8fd9d66660c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 13:12:50 2019 +0100
IDS: Edit German translation for "ids oinkcode required".
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 613f58fbfa9f536d9c84bc76354f7775b3e9b57f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 12:49:01 2019 +0100
ids.cgi: Check if the selected ruleset requires an oinkcode
Fixes #11983
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f644a167ab06e5324c021144e08c00413472b143 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 12:48:08 2019 +0100
ids.cgi: Only perform actions when saving ruleset settings, if there are no error messages
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 155b3b56a8e4c8765c473b853445e2957b0b852f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 10:58:59 2019 +0100
ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers
Using this feature to fetch the size of the requested tarball is not allowed by these servers, so skip this feature for their rulesets.
Fixes #11987
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c17a9778d62d964ac7d8e8da156ba0f08baf8748 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 6 10:00:17 2019 +0100
Revert "ids-functions.pl: Use GET method to fetch Header data of a file"
Using the GET method will download the file twice and does not provide the desired mechanism here.
This reverts commit 81592314ebe93ae942f28a1bc9037185f155ccda.
commit 422dc4caf97696ac34b65410784f22875f3412c0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 14:34:44 2019 +0100
ids.cgi: Fix HTML formatted spaces.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9e9b477d7c4fbad483f6307cf63bf475dd79141b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 14:14:11 2019 +0100
ids.cgi: Rework "Enable IPS" section
Just use one language string for a maximum of flexibility for the translators.
Fixes #11986
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit af0065691c6d3fcb14c646d1ec0b9c83bdd3313d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 13:57:40 2019 +0100
suricata: Do not display messages when starting up
Fixes #11979.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cc9057c0148cddb231be85caa4c38d4cf721f0c3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 13:51:08 2019 +0100
ids.cgi: Change lang string from "Activate IPS" to "Enable IPS"
Reference #11986
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 318e7137e79f29574a5cc9677615a48b2a9b3e40 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 13:25:27 2019 +0100
IDS: Rename IDS strings to IPS
Reference: #11986
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 97870bf29cd93669beef30b876e21f2fed5d6405 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 12:43:49 2019 +0100
ids.cgi: Stop suricata when the ruleset source has been changed
If the ruleset source has been changed, it has to be configured again. This happens because of different rule categories, filenames, rule IDs, etc.
In case suricata currently is running it has to be stopped and after the configuration has been done by the user, it can be launched again.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5709768b0bab2b860911fcad66da8e0aec5c4eaa Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 12:36:30 2019 +0100
ids.cgi: Fix downloading rules if source changed
Fix the if statement to detect whether the ruleset has been changed and automatically download the new one.
Fixes #11984.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b7a9b4edc28a678cd9d2b01e0ab6304597409860 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 12:13:28 2019 +0100
ids.cgi: Update automatic download texts
Update the shown texts in the dropdown box as mentioned in the bug report.
Fixes #11985
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 81592314ebe93ae942f28a1bc9037185f155ccda Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 12:01:43 2019 +0100
ids-functions.pl: Use GET method to fetch Header data of a file
The sourcefire web servers do not support the HEAD request so we have to do this with a GET here.
Fixes #11987
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4924cfdc7312ce8c31101fefebf3f0371e7cd779 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Feb 5 11:55:37 2019 +0100
ids-functions.pl: Fix show HTTP error code and message
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 067e1847dc1012316b23d7eb8dba8e25a65cd757 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Feb 1 14:34:25 2019 +0100
suricata.yaml: Add port 222 to list of SSH Ports
The SSH-server listened on port "222" as default on IPFire in the past.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bcbc9897e392a237105fc2e12af2323804bd2a42 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 31 09:50:47 2019 +0100
ids-functions.pl: Grab address for RED by using get_red_address() function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit de8e1e5b6ce6c8d82dc8e67c92af338206252dc2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 31 09:41:35 2019 +0100
ids-functions.pl: Add function to get the current assigned IP-address of RED.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 912d7472a86b1347f3165c1850ed05ba2b7b641f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 31 08:55:05 2019 +0100
ids.cgi: Automatically download ruleset if the ruleset source has been changed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c9b07d6a0cdb54c71d5aef4a75c40d505585a0fe Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 13:43:38 2019 +0100
initscripts/suricata: Generate firewall rules on start and reload
Fixes #11978
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 23c0347ac5d386e215c56ae9fa3af97e66f1c23f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 12:04:54 2019 +0100
ids-functions.pl: Add RED address and aliases to the HOME_NET
Reference: #11981
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 77c3130174cd492f0bae12205cfd3000b9b7798c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 11:57:49 2019 +0100
ids-functions.pl: Add get_aliases()
This subfunction is used to get all configured and enabled aliases for the RED network zone. They will be returned as an array.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d6f725e1857b19fefce67fc3bb63f7a379f549d4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 10:57:31 2019 +0100
update-ids-ruleset: Improve error reporting if the system is offline
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e0cec9fe99c957a686182f6002185744edd8254d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 10:53:17 2019 +0100
ids.cgi: Dynamically generate SHOW/HIDE for expanding or collapsing a ruleset category
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cf02bf2f7d23f9755a6e08383dd46fa9033d924b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 10:12:11 2019 +0100
ids.cgi: Show IDS setting area only if a ruleset is present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 013274d7d88653e5eaf22156754f0bb8c2e3ebaa Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 10:05:14 2019 +0100
ids.cgi: Display reason why a ruleset could not be downloaded, if the system is offline.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5fd2e9d64ac8363ac56bf0431ec3607e099b3f46 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:57:49 2019 +0100
ids.cgi: Also download the ruleset when saving the ruleset settings
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 34a3843865bfcb6c88cb10773570b96cd61363d6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:42:28 2019 +0100
ids.cgi: Add dropdown option for Emergingthreats.net Pro rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d618d67e010e94e1ef26f2570abe9d6748e90416 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:39:17 2019 +0100
ids.cgi: Only show "update ruleset" button if a ruleset is present
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 674912fc3abe6283566c4e51a5360dcbf5850f36 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:33:47 2019 +0100
ids.cgi: Draw daemon status and setting in the same box.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 029b8ed2b1e039d216fc974db413cd5f3f718a3d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:27:37 2019 +0100
ids.cgi: Show/Hide subscription code area dynamically.
Dynamically (JavaScript) show/hide the area for entering the subscription code / oinkcode based on the chosen ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bc4a2223cccc4165f213ec3520aee23b2550a4d2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jan 30 09:25:34 2019 +0100
ids.cgi: Remove help text for obtaining an oinkcode
This information is only valid for sourcefire (snort) rulesets, may confuse users and therefore should be handled in the wiki.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 17c2c09bcc50376ef805a194eec8688a3dfcbc29 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 29 12:03:37 2019 +0000
suricata: Scan outgoing traffic, too
Connections from the firewall and through the proxy must be filtered, too
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 80592396611f06069a05494da2b228aad29af72a Author: Peter Müller peter.mueller@link38.eu Date: Wed Jan 23 21:22:41 2019 +0100
Suricata: drop unused cuda HW acceleration
As stated in https://bugzilla.ipfire.org/show_bug.cgi?id=11808#c5 , Cuda hardware acceleration is unused and so the configuration file section can be removed.
This partially addresses #11808.
Signed-off-by: Peter Müller peter.mueller@link38.eu Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 68699ecffff5e8c0d35883403451bec881bd33ec Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 11:23:54 2019 +0100
Revert "Add DDNS to core 107."
This reverts commit 197033fab234d4698b097fdb1b653b8ae39b1aae.
commit ca8c92108af8ed2fce390592d8bd536f9caa2458 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 09:09:11 2019 +0100
update-ids-ruleset: Set correct ownership for rulesdir and files
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 36e69d34b1a59258bf17b886db323653dac1a13d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 09:05:29 2019 +0100
convert-snort: Use set_ownership() from ids-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4fbd88bfad631b932973321004af3e26b6ca19d5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 09:01:20 2019 +0100
ruleset-sources: Add Emerging-Threats Pro ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9f9651e06aac68d650be585a7dd15a8a6c502d5c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 09:00:26 2019 +0100
logs.cgi/log.dat: Change search pattern from snort to suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3c59b1fab85f76f75e0b6bb89cd9c007b2416b57 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 08:58:08 2019 +0100
ids-functions.pl: Set correct ownership for the stored error file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1fedede6a0982500847ef5d8747b5d3483991a05 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 08:50:16 2019 +0100
ids-functions.pl: Add set_ownership() function.
This function is used to change the ownership of a given file or directory to the user "nobody" and the group "nobody", which is used by the WUI.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8c27372438dd267648cba48b86d85a594f14be1c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 08:40:34 2019 +0100
backup.pl: Run snort to suricata converter when a backup gets restored.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 85a62b05237a4087c9b80d0efadc71b2da45abfa Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 29 08:26:15 2019 +0100
IDS: Install snort to suricata converter
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e4840020ed9962e3fac83c7a52670ed2cfd56672 Merge: 39155be80 61ee84291 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jan 28 17:29:21 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit 39155be80547e808e859f8f4dcd93763876bff5f Merge: 5b0b4182a d03916e55 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 26 12:40:04 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit 5b0b4182a8a0f7fa17548983a4e15aeed3aa2234 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 22 15:36:00 2019 +0100
convert-snort: Settings converter from snort to suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9283e9b9cf8326453086d9777b264d7e50b9660a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jan 22 13:25:13 2019 +0100
ids.cgi: Move and rename GenerateIgnoreList() function to ids-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c1a34012352f9eee339f78c00130807e275b05c2 Merge: b749416ad f6326e4f7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jan 21 13:04:13 2019 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit b749416ad71126d6a05eb92b1409f097cc127617 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 6 14:11:30 2019 +0100
ids-functions.pl: Downloader should read settings from correct file
In commit ea5c8eeb83a65791960d6cb5de6c7dc78db02fda the taken settings for the ruleset have been stored into an own file.
The Downloader now uses this file to read-in which ruleset should be used and downloaded.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7b6f8596edd5591a1bde21b34a7665170e5d4353 Merge: ed809cf07 f1f40274a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Dec 28 07:36:59 2018 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit ed809cf07a5ccacc5817f682fc9103a2f52163d6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Dec 28 07:36:19 2018 +0100
Ship update-ids-ruleset script also on x86_64 and aarch64
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6994f00174d222a6e7dd9b812c5bebaad1e3fa3e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 26 16:33:54 2018 +0100
ids-functions.pl: Downloader now also uses upstream proxy for HTTPS
Fixes #11953
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 04a0d07c97087c9d66e09155058beacee031d627 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 26 16:05:46 2018 +0100
ids-functions.pl: Add function to get the version of suricata
The get_suricata_version() function is used to get the version of suricata installed on the system. You can specify how detailed the returned result should be: "major" will return only the major version, whereas "minor" will provide the major and minor version (1.2 for example). All other calls will be answered with the full version string (1.2.3).
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2ee510888c4f4a0836ef4afe5b6e30c2b94f7ddb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 25 20:19:12 2018 +0100
ids-functions.pl: Fix typo
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 74cc8f5a3ddafb065dffd885222246842fc8304c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 25 18:40:34 2018 +0100
ids-functions.pl: Introduce function write_modify_sids_file()
This function is used to write the corresponding file which tells oinkmaster to alter the whole ruleset and finally switches suricata into an IPS or IDS.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b02e30fd81e3e095ea3cd74cb8f0b056d68e10e7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 25 18:26:21 2018 +0100
ids.cgi: Move variable declaration to ids-functions.pl
Also move some functions from the cgi file to the library file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 53817b89c0eb5f03830777982c86c58e4c097fa6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 24 13:19:06 2018 +0100
ids.cgi: Hack to use the correct language string for red network zone.
This hack is needed because "red" is used as "internet" in the language files and "red1" contains the correct "red" translations.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 99b372b51d01e7c35ac6b24bea72ec9c739681c9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 24 13:18:14 2018 +0100
ids.cgi: Colourize network zones
Colourize the network with the proper colour.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 01d02eb63bbb2142b5f154f75f028448bdd47ca5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 24 10:03:18 2018 +0100
ids.cgi: Change RUN_MODE to MONITOR_TRAFFIC_ONLY
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ea5c8eeb83a65791960d6cb5de6c7dc78db02fda Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 23 21:06:14 2018 +0100
ids.cgi: Separate IPS and ruleset settings
Now each of both have their own corresponding configuration areas. The taken settings will be saved in "/var/ipfire/suricata/settings" for all IDS/IPS related settings and in "/var/ipfire/suricata/rules-settings" for ruleset related settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit aac8e30831b037034e932044b0ca941105f40d70 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 23 21:05:37 2018 +0100
langs/en.pl: Fix typo
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ebdd0f9a90da800cc6173f6f30fb0621dddc354b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 20 13:18:48 2018 +0100
ids.cgi: Prevent from starting suricata without ruleset or selected network zone
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0a1bba1a1d3ec8995f482b291d25c84374d11085 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 20 11:55:13 2018 +0100
ids.cgi: Access ruleset by its own name
This improves accessing the single rules of a rule category.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8353c3fd36c3e56861b9996c489836e4554c1ebd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 18 15:19:30 2018 +0100
ids.cgi: Always use the whitelist
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 25b6545a6e5523d67484e15c5d8bafd941c8c9ae Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 18 15:14:08 2018 +0100
ids-functions.pl: Use temporary file in downloader.
Download the requested rules tarball into a temporary file and if everything is fine, replace the old one with the downloaded one.
In addition to the previously implemented file size check, we are now safe from a corrupt rules tarball on disk.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 96da5803a77ac8cae85fc8bc37e2153a19b5ab26 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 18 14:16:13 2018 +0100
ids-functions.pl: Introduce filesize check for downloader
The downloader now requests the html header for the rules tarball and obtains the size of the file before downloading it.
After success the size of the downloaded file will be compared with the requested one before. If they do not match, an error will be gained.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1201c1e74695fffeae36ba8a8a6adfe422a53ddd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 18 14:12:52 2018 +0100
ids-functions.pl: Fix sub _cleanup_rulesdir() function
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f5ad510e3c0f416a1507999f5ad20ab171df9c07 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 17 15:04:48 2018 +0100
suricata: Use "2" as repeat-mark and repeat-mask.
The previously used "1" was already used to mark source-natted packets.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 208cb3363fc13bc9b918aeacb26e4c98d1d963d3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 17 15:03:10 2018 +0100
suricata: Update to 4.0.6
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a13ddf04d9b58ee469b5da6bc0dd5efb64d6ebad Merge: 8cf04a165 58e840bd9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 12 09:27:59 2018 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8cf04a165696c512c8c2cb1f3d282c1f0cc88787 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 12 15:43:16 2018 +0200
ids-functions.pl: Rework &_cleanup_rulesdir() function
* Use a directory listing and delete the files. * Keep files with "config" as file extension.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4ce424884914e6ee5a721124eaec89b634c19f48 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 12 15:18:38 2018 +0200
ids-functions.pl: Fix typo
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 883820bdcb24414e965bd92844bb0b9c438b312b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 12 15:16:32 2018 +0200
ids-functions.pl: Call &_cleanup_rulesdir() function before calling oinkmaster.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b59cdbeea5eb2a83ac5c0be51541c471bd1cd809 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 12 15:12:10 2018 +0200
ids-functions.pl: Add private function to cleanup the rules directory.
This private function is used to remove any files which are stored in the IDS rules directory and prevent from any old (unneeded or conflicting) files after an update or complete change of the ruleset source.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5d3b16c6df1a83d6eacb69a32176941a1e09a157 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 12 13:08:35 2018 +0200
suricata: Rootfile update
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8d087d0391b8ab441a974b4cbc84980bb6055774 Merge: 89a12b384 e3ab1962e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 2 07:35:13 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit 89a12b3843d22a355adf1989e9bd823e170a2387 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 1 20:14:00 2018 +0200
suricata: Set correct ownership for /var/lib/suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2d475a3c6c8e37295f97a07dcca9a6eed2dbb21f Merge: eadad5fda 0a5823db0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:49:34 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
commit eadad5fda6e7a798ad63261da4629673bd88cf76 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:43:09 2018 +0200
ids.cgi: Add support for autoupdate of the IDS ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6c9458342b72d5eef122e4e146872ded98751d05 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:42:47 2018 +0200
IDS: Update language files
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3aadbbca38882cf6e8af2370c26234de0940a099 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:38:46 2018 +0200
stage2: Rootfile update for update-ids-ruleset script
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 82979dec3655138b5c8467a63fc423b30961ef9c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:11:31 2018 +0200
IDS: Introduce update-ids-ruleset
This script will periodically be called by fcron and is responsible for downloading and altering the ruleset, if autoupdate of the configured ruleset is enabled.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ed06bc811ffe055e2dadd226d27332892f4725db Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 14:09:53 2018 +0200
ids-functions.pl: Add backend code to handle the "cron" function of suricatactrl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6ce504a2f2c405c7a7baab6f74be779f903d89de Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 13:54:14 2018 +0200
suricatactrl: Add "cron" command
This command allows to enable the automatic update of the used IDS ruleset and to specify the update interval.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dae534f2ca7172a1171d77fe6acd034591233d58 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Sep 26 13:02:28 2018 +0200
ids.cgi: Only write oinkmaster-modify-sids.conf if necessary.
Only write to the file if the runmode of the IDS has been changed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5508f18c012c5be264c9562b9327a41a2bebb2f8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Sep 11 12:28:28 2018 +0200
logs.cgi/log.dat: Fix pattern to display oinkmaster related messages
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 43ab7d9c30fb24bebd716e264530d7db3e84a007 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Sep 11 12:00:31 2018 +0200
ids.cgi: Set state of used rulefile to on if it contains rules
Only set the state of a used rulefile to "on" if it is present in the %idsrules hash. This happens if it contains at least one rule.
This prevents a rulefile from being shown in the ruleset section if it does not exist anymore or does not contain any rules at all.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b7e29743944953c973e3f858c10ab627949f898d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Sep 11 10:21:00 2018 +0200
ids.cgi: Introduce whitelisting of IP-addresses
If an IP-address has been added to the whitelist, any traffic from this host will no longer be inspected by suricata.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6f3b3cd089cea0f308c0b67e17ed864f6aa50b83 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Sep 6 13:28:20 2018 +0200
logs.cgi/ids.dat: Don't display/export empty events.
Check if the current processed event has at least datetime and a title. Otherwise skip it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 63d911cdc5d3e8a706f222e2094f2f7350c5fa02 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Sep 6 13:22:18 2018 +0200
logs.cgi/ids.dat: Ease list of reported events
Just ease the strict layout by adding a simple line break.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f5ddcad1cc38cfcc3b01f819bc4c4f01e6d1c189 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Sep 6 12:09:34 2018 +0200
logs.cgi/ids.dat: Adjust code to show suricata events
As default show the events generated by suricata and if for a certain selected date no suricata log is available try to fall-back to read the events from the old snort alert files (if available).
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 80bcd4dd1a424e1353aa0839e873ce9292cea3db Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 30 18:18:26 2018 +0200
ids.cgi: Hide rules config section if no rules are present
Do not show the rules config section anymore if there is no ruleset available.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fd72c85eb8bb11978957dc39da8a5822715a5453 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 30 15:12:29 2018 +0200
Enable threshold file in suricata.yaml
Enable and specify the path to the threshold-file in the suricata.yaml, otherwise the program is trying to read it from a built-in default location and prints the following error message:
Error opening file: "/etc/suricata//threshold.config": No such file or directory
Fixes #11837.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 762a33f17ca8d86b979e22ddd538e76d32287d94 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 30 14:13:37 2018 +0200
suricata: Add files to be backed up
Now all oinkmaster related config files and suricata related yaml files in "/var/ipfire/suricata/" will be included into the backups.
Also the entire ruleset is part of the backup, so after a backup has been restored, the IDS can be used in the same way as before.
Fixes #11835.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 21cab141ec018b885abf2849b82acb22684f0c80 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 29 12:34:08 2018 +0200
suricata: Rule files are now located in /var/lib/suricata
Place the rulefiles from now in "/var/lib/suricata".
Fixes #11834
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d2e6bf6e5f0a3867664c68cd85dff686a08b696c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 29 12:27:12 2018 +0200
suricata: Do not ship an example configuration file
Stop shipping a full example configuration file for suricata.
Fixes #11836.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 00512a5ac800205a9f46cd0936909d5c921e6643 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 29 11:50:59 2018 +0200
ids.cgi: Create file for used rulefiles on first execution if not present
Create this file on first execution of the script if it does not exist yet. This will allow suricata to immediately be started. Otherwise the ruleset has to be downloaded and configured before this file has been created and suricata could be launched.
Fixes #11833.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 004b13b7e801c18d399740c4e9b7866c9685637c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 29 10:55:32 2018 +0200
ids.cgi: Fix get_memory_usage()
Change the get_memory_usage() function to grab and return the memory usage of the entire process, containing all sub-processes and threads.
Fixes #11821
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit be52c68a2db2455f8118190a6bb37594891480a1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Aug 27 15:11:28 2018 +0200
ids-functions.pl: Early abort downloadruleset() if no ruleset is configured
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e568796bb0a0fc2072c2494936ec678f4c7fe17f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 25 15:48:58 2018 +0200
ids-functions.pl: Also check and fix the permissions of rulespath
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4892f82ca19ad29b2213825a9fc2200d9b801252 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 25 15:22:53 2018 +0200
suricata: Fix rootfile
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit baeae346589a793b2d9dca39017e1eb7c00d5bf1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 15:15:09 2018 +0200
lfs/suricata: Move classification and reference config to /etc/suricata/rules
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 330759d88a4adfbf5fc23cb575607b8b99b1b62b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 14:55:40 2018 +0200
ids-functions.pl: Add private function _check_rulesdir_permissions()
This function checks if all files located in /etc/suricata/rules are writable by the effective user and group (nobody:nobody) and if not calls suricatactrl to fix it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 68123effb80c3509cb4855c46d3ff378ba7f13a0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 14:54:34 2018 +0200
suricatactrl: Add fix-rules-dir command
This command is used to set the ownership and permissions back to nobody:nobody which is used by the WUI to write the ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9074853d8df16e729d7e3fe3fb6c465877614f2e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 14:26:24 2018 +0200
suricatactrl: Add reload command
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 335114b207971fa88bc768c7dea49747b15b4fae Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 11:11:15 2018 +0200
suricata.yaml: Start moving to IPFire specific configuration
Remove a lot of stuff and options which are deactivated during compiling, unsupported by the platform or not used in IPFire.
Add an advice to the full documented suricata-example.yaml file which also is shipped by IPFire.
More work needs to be done.
See #11808
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit af5e823247876c313f516a98efe38ad38db5a01f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 10:54:07 2018 +0200
suricata.yaml: Adjust classification and reference config location
Both files are included in the various rulesets, therefore use them from the rules folder.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 13d077fdf2093a2e468b5cda1e9e44fa99ee03cc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 10:28:42 2018 +0200
suricata.yaml: Fix include statement for homenet file
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5f630673850f01e4e1284d163a80772b2f7a46af Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 10:04:33 2018 +0200
suricata: Fix initscript when using a single core machine
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 01ba4be48d1687d621b1d7242085aa077552cacd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 07:39:04 2018 +0200
ids.cgi: Create oinkmaster related files at first call
With this commit, the CGI file will create the oinkmaster related files during first run if they do not exist.
Fixes #11822.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 308ba5e74c27e50e9fda4278749256d3ff541d5e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 24 07:37:10 2018 +0200
ids-functions.pl: Add function to create empty files
This generic function can be used to create any kind of empty files - it just requires the full path and filename to work.
If the specified file exists at calltime, the function will abort to prevent from overwriting existing files and content.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cb52183c6a311d7413c286f73895b52a8e2e3a57 Merge: 7fe5bc826 c5486ccb9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 23 10:34:17 2018 +0200
Fix merge conflicts during merge of next and the suricata branch
commit 7fe5bc8261d639753ee7a5a005ce06325231769b Merge: f7d76eecc 702f0ba83 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 23 10:32:21 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit c5486ccb9793029e58f0e6156d7d2f4d21de6cd0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 22 10:37:44 2018 +0200
oinkmaster: Ship IPFire specific config file
Ship an IPFire specific configuration file for oinkmaster.
This allows oinkmaster to do all the great rule modifications which have been introduced by the new ids.cgi file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d2212836226ee8212eef3226acf3a4e6fa65643a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 22 08:39:57 2018 +0200
ids.cgi: Rework handling of enabled/disabled sids
Now the enabled or disabled sids are stored in a single hash instead of two arrays, which easily can be modified.
When saving the ruleset, the new read_enabled_disabled_sids() function will be used to read-in the current (old) saved enabled or disabled sids and add them to the new hash structure.
After adding or modifying sids to the hash, the entries will be written to the corresponding files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a5d617520b144e22fd2b31795d2b04c8170f93ef Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Aug 22 08:38:16 2018 +0200
ids.cgi: Add function to read the enabled/disabled sid files
This function is used to read-in the files for enabled or disabled sid files and stores the sid and their state into a temporary hash which will be returned by the function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5a28e721e08104e35c0e7f23a1aee4dff3fbae45 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Aug 21 19:18:01 2018 +0200
ids.cgi: Fix check if the IDS is running
The correct function name is ids_is_running()!
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bbb6efae56957c1ec70d5ee7668c4cc68b4dd2b2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 18 14:48:30 2018 +0200
ids.cgi: Add backend code to handle switch between IDS and IPS mode
This commit adds the required backend code to allow switching between IDS and IPS mode of suricata.
Technically the behaviour of suricata is specified by the rules - each of them can contain the action "alert" or "drop" (There are more actions supported but these two are currently the important ones).
When running in IDS mode, the ruleset does not need to be touched, because the default action is "alert". When switching to IPS mode, the CGI writes a single line to "oinkmaster-modify-sids.conf" which is included by oinkmaster and modifies the action for each single rule from alert to drop.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a4ccfcbbc6073684768d951006232d410df091a1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 18 10:16:12 2018 +0200
ids.cgi: Allow to switch between IDS/IPS mode
Add the option to select the runmode for suricata, whether it should run in intrusion detection mode or intrusion prevention mode.
If the option has not been configured yet, it defaults to IPS mode.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d9711d91ef57f846eb09fd77ec9e7a58d745dc6d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 18 10:01:14 2018 +0200
ids-functions.pl: Display error if oinkmaster cannot be executed
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 88daf7eb3a9ba5ceb3df9f8197ea3cb5cfd4f30b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 17 08:49:06 2018 +0200
ids-functions.pl: Log correct error message if download fails
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 55658ee381aeeac19c63a0da8822fc3f727b135b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 17 08:45:47 2018 +0200
suricata: Fix detection of enabled IDS on zone in initscript
I accidentally committed the wrong file in the previous commit. This is the fixed and working version.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 00a031145e32d31a08037dda3c8a3cc7cc6c815e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 17 08:24:19 2018 +0200
suricata: Give 644 permissions to the suricata pidfile
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 04b5c77a450ceb8fd83898a90f096175580a058f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 17 07:36:54 2018 +0200
ruleset-sources: Move to suricata optimized ruleset when using emergingthreats.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3c2c54831fd7a5f1813376ceb45c22774631a5e7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 16 18:51:13 2018 +0200
suricata: Add code to create iptables rules to the initscript
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7c82ee6165d04597c371944490b085c240482424 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 16 18:50:39 2018 +0200
firewall: Add chains for IPS (suricata)
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cc60d3dfd3cd6ae9d38470d40edd646691e422ac Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 12 18:40:31 2018 +0200
suricata: Fix include of used rulefiles yaml
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 423030555835840a1821b56408b5a19e6dcfe7e0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 12 07:05:24 2018 +0200
suricata: Use HOME_NET declaration from external file
Use the generated HOME_NET details from /var/ipfire/suricata/suricata-homenet.yaml which will be generated by the WUI.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6187da5055dac1a10402d3c6eeaf1f9bed7f3890 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 11 22:28:07 2018 +0200
IDS: Add reload option to initscript
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e2e7880dc73fc98aa7409b2de2384e5c9e436f29 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 11 22:11:18 2018 +0200
ids.cgi: Add code to start/stop/reload the IDS when necessary
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5240a80987920b1b807e6609a6c10fb666235e21 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 11 22:10:29 2018 +0200
ids-functions.pl: Add function to call suricatactrl binary
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f7d76eecc6660bd2d59951a6aa138cd0f96a2e9d Merge: ca745a297 98ce89752 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 11 19:50:20 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 8d2f6b0b59c3448dfa0fcab683fafc9604873a57 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 9 15:33:25 2018 +0200
ids.cgi: Dynamically generate the HOME_NET details for suricata.
Introduce generate_home_net_file() which uses the current network config to obtain the network address and subnetmask for each available network zone, generate and write these HOME_NET information into a yaml compatible file which can be included into the suricata configuration file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e0bfd338ee5c847b16ea534acf84fba645974ec7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 5 19:42:33 2018 +0200
ids.cgi: Rename form name from SNORT to IDS
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8766096429b7d19a78d632e96a84b32f058f8e80 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 5 14:24:20 2018 +0200
ids.cgi: Display if the IDS is running
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 796eea2154ae581aeae68be92bd04f105d0a939b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 5 14:23:45 2018 +0200
ids-functions.pl: Add function to check if the IDS is running
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1286e0d41e75dd691a54ac130ae6d70bfc284e14 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Aug 5 12:57:44 2018 +0200
ids.cgi: Rework section to configure the IDS
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1cae702c22ed31784393980968634626af8fe653 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Aug 4 16:48:27 2018 +0200
ids-functions.pl: Add function to get the available network zones
The get_available_network_zones() function uses the /var/ipfire/ethernet/settings file and translates the configured mode into an array, which contains the names of the configured network zones.
The array will be returned and easily can be used to loop over this list of available network zones and perform any kind of actions in other scripts.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ab114c276b0d719b9a9c43dea05870e4ceedbdbc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 13:51:59 2018 +0200
ids.cgi: Call suricatactrl for restarting the IDS
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 06b569a4429eb5641343fdf4c3472825dc327f09 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 13:48:46 2018 +0200
oinkmaster: Install config file to /var/ipfire/suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d33874f4969f48d5dd880b212900220ba932d8f0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 10:20:18 2018 +0200
daq: Drop package
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 843a8c570c6784ef6c66d214fbbbc2e67e4505c2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 10:19:35 2018 +0200
snort: Drop package
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 914cca3d8e834c6ab051126f628daeef073b7106 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 10:02:34 2018 +0200
initscripts: Link against suricata initscript in runlevels and red.up hook
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 74b7d695c630c971fb4774e93c39b4954d7bb5fe Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 3 09:50:31 2018 +0200
misc-progs: Rename snortctrl to suricatactrl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ef640882ab4ff5f26fb7b4bf9a5f00ca4f94d172 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 19:58:41 2018 +0200
make.sh: Add ids-ruleset-source
I accidentally forgot to commit this file in 1d9b87914053e54550c6f2a76377a8001bbf1da6
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d72b3e64c2515546b78a7cf099157799481da130 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 19:54:22 2018 +0200
suricata: Introduce basic initscript
Add a very basic initscript, which currently allows to start/stop/restart suricata and check if the daemon is running.
The script will detect when starting suricata how many CPU cores are present on the system and will launch suricata in inline mode (NFQUEUE) and listen to as many queues as CPU cores are detected.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 101d3ece24c99a9696bb2dfe0add1cdfdebbbf91 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 19:33:37 2018 +0200
ids-ruleset-sources: Update download URL for snort rules
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bce84f3975eb04ac94ffe2e14039c1a6a8ac8030 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 19:31:52 2018 +0200
ids-functions.pl: Rename ruleset-sources.list to ruleset-sources
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1d9b87914053e54550c6f2a76377a8001bbf1da6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 19:29:36 2018 +0200
ids-ruleset-sources: New package
Move the file which contains the download URLs for the IDS rulesets into an own common package. This will allow us in future to easily ship a changed file with a core update.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 72b2109c726c1ab78918648a6aa540cf137692b0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 15:47:31 2018 +0200
configroot: Move from snort to suricata
Create /var/ipfire/suricata and /var/ipfire/suricata/settings instead of /var/ipfire/snort and /var/ipfire/snort/settings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4c6d6c1ee3308e8143b95867376f29876739a149 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 09:10:25 2018 +0200
suricata: Install very basic config file
This config file is mostly based on the example configuration shipped by the suricata project and needs to be enhanced.
See #11808.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 101c888174285f4d4e599902c7645d2e834ea027 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Aug 2 09:07:12 2018 +0200
ids.cgi: Generate suricata compatible used-rulefiles file
* Rename filename to suricata-used-rulefiles.yaml
* Adjust file generation as a yaml file to be compatible with suricata
* Adjust code to correctly read-in and parse the changed file
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 164eab662756366023016c88c27f1432f243832f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 30 21:36:07 2018 +0200
ids-functions.pl: Move path details from snort to suricata
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a8b8c9e5b2a2d993d06b774aefe7b6ff49adc739 Merge: 67752a951 434001d0a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 30 21:33:25 2018 +0200
Merge branch 'next-new-ids.cgi' into next-suricata-and-cgi
commit 67752a9510d9db653ca8aee9355e8fa63d0f9316 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 23 20:21:38 2018 +0200
suricata: New package
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3498300d87ec69f5676d33e54dca4f3c6897d20f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 23 20:20:29 2018 +0200
libhtp: New package
This is a build and runtime dependency for suricata.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 91cc908f84a44ba9dc6493938c00aa982eafed81 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Jul 23 20:19:19 2018 +0200
yaml: New package
This is a build and runtime dependency for suricata.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 434001d0a0eb05946fccded7090e1e1fa6e2c64d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jul 28 16:34:50 2018 +0200
IDS: Rework error and log handling in ids-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 02844177afb86e070564ee776c5ca679d7cf374b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 27 07:58:23 2018 +0200
IDS: Introduce settingsdir variable
The $settingsdir variable is declared in the ids-functions.pl and used to store the path where the various files which contain the settings for the IDS and oinkmaster are located.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 298ef5bafa8242fedf8b95ba8d8ad23e0c4c05b1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jul 26 15:56:47 2018 +0200
IDS: Move rulepath declaration to ids-functions.pl
This will help if the path ever changed. Also remove hard coded rulepath from oinkmaster call.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9d18656ba7dd1bf98d5cd41423c8e44d355f1c25 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jul 26 15:51:15 2018 +0200
ids.cgi: Rename snortrules hash to idsrules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fdfd8913ab5da218c9c5303f67bb5b707da8ee30 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 14:08:29 2018 +0100
ids.cgi: Drop code which is detecting if oinkmaster is running
This code is no longer required and therefore can be dropped.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 27760092c0a4973a92e1dcea8544866ae29d37da Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 14:03:08 2018 +0100
ids.cgi: Reimplement function to lock page and show working notice
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit eb5592c1ce15d579072689a7121ffbd87b3f22be Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 14:01:50 2018 +0100
ids-functions.pl: Also log errors to syslog
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0e40e1e772b2f29e71df807f9cb07098b0d23034 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 14:00:57 2018 +0100
ids-functions.pl: Use pure perl to log oinkmaster result to syslog
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 77910792754776c740ddd415d4737340052a4d91 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 12:14:06 2018 +0100
ids-functions.pl: Make variables globally accessible
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3983aebdec7489ca0ce36956307a822ecdc820fd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 10:20:23 2018 +0100
ids.cgi: Rework CGI logic to download a new ruleset
* Drop function to show a notice about snort is working.
* Introduce the log_error function which is responsible for logging any error messages. Currently it writes it to a temporary file, which will be read by the WUI, the message will be displayed and the temporary file will be released again.
* Introduce a tiny function to easily perform a reload of the generated webpage.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a69b96d2002c14d3fe65dcf90f9731a9c631b624 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 10:15:39 2018 +0100
ids.cgi: Use tarball information from ids-functions.pl
Directly use the value from the ids-functions.pl for the location and filename of the tarball which includes the snort ruleset.
This will save declaring this information twice and prevents any failures if the location of filename ever changes.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ad1d8a8accc454e0bf36e93fa9b6c5890ccc5024 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 09:00:03 2018 +0100
ids.cgi: Drop dirty hook for updating the ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 25f5cb0d4b4a6c2418c219d975eb95e393b4e9af Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 08:58:18 2018 +0100
ids.cgi: Move function to call oinkmaster to ids-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit eea2670b39ee6ba804d534e95b03d27059e45468 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 08:52:21 2018 +0100
ids.cgi: Move downloader code to ids-functions.pl
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 59052432f4cc108631a9b264f2f48aaf6ea76873 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 08:20:50 2018 +0100
ids.cgi: Use ids-functions.pl for checking available disk space
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8dcebe5342c261eac9f7436ff382ac71d4890eca Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Feb 14 08:18:15 2018 +0100
IDS: Introduce ids-functions.pl.
This library will contain a set of functions used by the IDS CGI script and the planned update script for auto-updating the snort ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c724524e2e9a0a5498ca7e29db8d1ec80a2a73af Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Feb 12 15:38:25 2018 +0100
ids.cgi: Drop loading of File::Copy module.
This is not required at any time by the script.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c77bd4923503e58fc2429ffed5e377132394e7a4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 19 11:57:19 2017 +0100
logs.cgi/log.dat: Add support for oinkmaster
This will allow to display the logged output of oinkmaster via the webinterface.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1504a375179cecc182dd40b8a5324eb2c1320ada Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 19 11:56:04 2017 +0100
ids.cgi: Rework snort configuration area
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a6edfcbd9b762832939209e538e31e79c0d32b65 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 17 19:10:21 2017 +0100
ids.cgi: Pipe the oinkmaster output to the logger binary
This will allow anybody to access the log of oinkmaster and get detailed information about any changes which have been done on the ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 43263ea68ecbd2bddfc84b3cee64ffc0aa9911e5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 17 19:08:25 2017 +0100
ids.cgi: Rework downloader for rulesets
Doing the rules download in pure perl instead of using the external wget.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e524290c9cd90a6d95475f2738bcb65d990cfbd0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 14 08:31:41 2017 +0100
ids.cgi: Drop old control code
The control files are no longer required, because the initscript uses the settings file to determine if snort should be started and bound to which interfaces.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c6bcdda1af86f803e980947aa66490f277b791d9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 15:06:42 2017 +0100
snort: Introduce ruleset-sources.list
This file contains the ruleset vendors and download urls and will be used by the ids.cgi.
If an url or filename changes, we easily can adjust this file. In most cases this will be needed when performing a snort update.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9f5247f60cc66716de0b5b8bd14e0de118763fb5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 14:53:51 2017 +0100
general-functions.pl: readhash() Add code to handle optional comments in files
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ef5171ab7175d381a11f196de4e18b7e8af769e2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 14:50:12 2017 +0100
ids.cgi: Call oinkmaster without a log target
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit afe26a0586678f59e25a2a4ae1877737da064bfd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 14:45:27 2017 +0100
ids.cgi: Introduce ruleset-source.list
This new file will contain the vendor information and url for downloading their ruleset. In future if the download location or filename changes, we only need to adjust this one file and ship it via a core update.
Also extend the downloadrulesfile to be able to directly call the subfunction.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a232b58ca78648f60f19b2464395c93cfc046b78 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 14:40:47 2017 +0100
ids.cgi: Adjust code for saving snort settings
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8f22237bebe2d3880b27c671c173ffcf79040ed2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 11:53:44 2017 +0100
ids.cgi: Remove logfile after wget has successfully downloaded the ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 500c5c55d0db331fe9b16afcdaedd9c5d218b327 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 11:51:08 2017 +0100
ids.cgi: Rework code which shows if oinkmaster is working
Move the code for displaying a notice that snort currently is working into an own subfunction which will be called if oinkmaster currently is started.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit aa12410222aef6afa63a03a7eb74512bf92daad4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 11:50:01 2017 +0100
ids.cgi: Drop old code for debugging purposes
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c51a044a2a93042605fc599eaccf69f49fa7bc87 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 13 11:46:40 2017 +0100
ids.cgi: Add check when altering the ruleset
Add a check if the currently processing sid is numeric, otherwise skip it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 525998650ab51df74317f362ccb1382870af4bbb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:24:50 2017 +0100
ids.cgi: Rework code for downloading/updating the ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 56dacb580e16210837ba55648ddfc9e18b860f02 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:24:11 2017 +0100
ids.cgi: Move call of oinkmaster to an own subfunction
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 376595057ba05eea8d9c6337d390374dec7749e0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:16:26 2017 +0100
ids.cgi: Always write config files for enabled/disabled rule files
If a single sid has been activated and then disabled without doing any other ruleset modifications only one of the oinkmaster files for enabled / disabled rules has been modified.
In this case it was possible that the same sid was part of the file for enabled rules and part of the file for disabled rules at the same time.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 466c67794b207f327a4b7478ce6f2c9c194df45f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:15:00 2017 +0100
ids.cgi: Process enabled rulefiles in an own loop
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 603334734a0199f6d4558e70ef859fe86fe243d6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:12:38 2017 +0100
ids.cgi: Drop enabled/disabled rules from cgiparams hash
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b65b5ef3775cc724da41a47b5285b7057a2250fd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Dec 12 20:10:17 2017 +0100
ids.cgi: Drop enabled rulefile from cgiparams hash after processing
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e573807983b0acf911dc688ae06bb5d7b2b7714b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 11 14:22:07 2017 +0100
ids.cgi: Re-add code for enable/disable rulefiles
The enabled rulefiles (rule categories) now will be added to an own file, which will be included by the snort main config file.
This will allow us to update snort and push the new main config file without losing the activated rulesets anymore.
* Introducing snort-used-rulefiles.conf
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0b89daee931885a9c34548009a556299d8adc62a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 11 08:46:18 2017 +0100
ids.cgi: Code cleanup
* Drop a lot of unused variables and code.
* Re-ordering some code parts.
* Add a lot of comments.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 298723b9db481a07056377278a501d4a643c7a93 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Dec 11 08:33:36 2017 +0100
ids.cgi: Re-add code to save the ruleset.
The manually enabled or disabled rules by the user now will be written to own config files, which will be used by oinkmaster to keep these rules in the same state after a rules update has been performed.
In short words, if you adjust your ruleset, the changes will not be lost again if you perform an update of your ruleset.
* Grabbing and storing the cgi values now in an own hash (%cgiparams)
* Introducing oinkmaster config files for enabled and disabled rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0b568bb9650bfe9200d45d7a57b500747e37a73f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 10 10:36:07 2017 +0100
ids.cgi: Drop unused css code
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 177266446a3c9a9c63dbd4bd1af032339003ab3d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 10 10:07:41 2017 +0100
ids.cgi: Rework code for displaying the single rules
The complete ruleset will be grouped as categories by its corresponding rulefile and printed in hidden tables.
They easily can be displayed by clicking on the show link and vice-versa.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f7fcd1c020f0eaaacf9068182e9f64750ccf7ea7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 6 11:44:30 2017 +0100
ids.cgi: Always display ruleset
Display the rule categories any time and do not hide them if no instance of snort is running.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e3ab140634f8769399b258b8391ec58ec9035c1b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 6 11:19:42 2017 +0100
ids.cgi: Remove comment lines for snort rules control
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3da6e01bcf1aefd1e495f64d251d0e39a94a4fdc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 6 09:51:46 2017 +0100
ids.cgi: Refactor reading-in rule files.
Move the code for reading and parsing the snort rule files into an own subfunction.
* Drop code for reading in and modifying the snort main config file.
* Rework code for parsing and adding the snort rules to the snortrules hash.
* Drop code for gathering a description for the rule files, which does not because of a file layout change and sadly there is no suitable description shipped anymore by the snort team.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a70d269a9ad8ed8ee14f0d1de6426bf936750a3f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Dec 2 15:31:19 2017 +0100
ids.cgi: Move function to end of file
Move the function for doing the page refresh stuff to the end of the file and do some layout changes for better reading the code.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 422204ff08af8f1932e57bace8125baa149329a7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Dec 2 15:24:12 2017 +0100
ids.cgi: Use pure perl for directory listing
Use pure perl for getting the filelist of available rule files instead of using a sub-shell and unix commands.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fbd430172f49cb746975f5543c4e184748537b4e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Dec 2 15:17:49 2017 +0100
ids.cgi: Drop old code for uploading a ruleset
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ca745a2978aadad52a487a7c6a1a8dcb8464aab3 Merge: b5ea63f85 4e4c122c5 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jul 21 14:14:53 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit b5ea63f85c7d2ff107cd5f1cf985e98e75a84efe Merge: fb22c9ffd 6a7e6b449 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jul 19 18:10:23 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit fb22c9ffd990eebee3249a3cbc2a6c8695b811b7 Merge: b56b67330 9aefd1ed0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jul 8 08:34:37 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit b56b67330ce0927af61c38e1d02284154f912dda Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 27 19:38:41 2018 +0200
guardian: Update to 2.0.2
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6d1ebd1d4323984108c2682d84fe07e54f647061 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 27 19:36:28 2018 +0200
guardian.cgi: Remove support for owncloud
Owncloud as an addon has been dropped for IPFire. As a result of this, we do not need this code anymore.
Fixes #11572.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 74c193f266e9660c822bfc5e86d050d35539bab6 Merge: 5776b677d bc91a6628 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 27 19:33:43 2018 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 5776b677db10ad18aa9972b49900addaa8bf44ba Merge: 6600eeac4 f574f9ea0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 14 19:17:23 2017 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 6600eeac49362964f6813c8c106aa68d6afe3d0e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jun 8 14:13:24 2017 +0200
guardian: Bump package version.
During commit d68ead3decfdcc4ca4a1413e33f3c47270799836 the guardian.cgi has been changed, and therefore the package version of guardian needs to be bumped to ship the changed files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 31313db780f894cdadd74dc4973e0fd6a22a4659 Merge: 5f9fb7a8f 357b8c141 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jun 8 14:03:56 2017 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 5f9fb7a8f6fb4109a6bc451aaf5b8aea74c12892 Merge: f707295a8 c6bc0fb03 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Nov 11 07:44:38 2016 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit f707295a85f820405a21a25a25c86c00e030ddb4 Merge: 197033fab f95b8b9f7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Nov 2 10:00:00 2016 +0100
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 197033fab234d4698b097fdb1b653b8ae39b1aae Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Oct 28 15:35:53 2016 +0200
Add DDNS to core 107.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f2956cf42f04c7d6dcd5379b00ee779434a27d44 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Sep 30 10:34:22 2016 +0200
ddns: Import patches for schokokeks.org support.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree