From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 90e40b194873b596c138cbc25d559e765824f155
Date: Fri, 16 Feb 2024 12:29:24 +0000
Message-ID: <4TbrpX4PyXz2xSw@people01.haj.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 90e40b194873b596c138cbc25d559e765824f155 (commit)
via 407548690c672bc58b02123787aa443d44d9f49d (commit)
via c9c9580c4e5ef2e726ffe6368ae85b3209917ce1 (commit)
from c73a75cb70d4e66c37ea4cc6ba5c4b114308ef2e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 90e40b194873b596c138cbc25d559e765824f155
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Feb 15 13:58:35 2024 +0100
ruleset-sources: removal of PT Attack & Secureworks + addition of ThreatFox
- The PT Attack ruleset has not been updated since 2021 and made read-only in 2022
The PT Attack website no longer has any reference to Suricata Rulesets. The PT Attack
ruleset is being removed.
- The Secureworks three rulesets are no longer available. The website path gives a 404
error. No mention of Suricata rulesets in the Secureworks website. The Secureworks three
rulesets are being removed.
- ThreatFox ruleset has been added to the list. Both a plain and archive version of the
rules are available but the plain version is being regularly updated while the archive
version was last updated 5 days ago. So this patch has implemented the plain version.
- All above was discussed in the January Developers Conference call.
- Tested out on my vm testbed. I had PT Attack selected as one of the providers. As
mentioned by Stefan removing PT Attack means it is not available in the list of
providers but the provider stays in the providers table but with the line shown in red.
I will update the wiki to mention the red highlight and what it means.
Suggested-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 407548690c672bc58b02123787aa443d44d9f49d
Merge: c73a75cb70 c9c9580c4e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Feb 16 12:29:05 2024 +0000
Merge branch 'master' into next
-----------------------------------------------------------------------
Summary of changes:
config/suricata/ruleset-sources | 44 +++++++----------------------------------
lfs/freeradius | 4 ++--
2 files changed, 9 insertions(+), 39 deletions(-)
Difference in files:
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 14d1b865f3..2b3b4ffcb7 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,44 +97,14 @@ our %Providers = (
dl_type => "plain",
},
- # Positive Technologies Attack Detection Team rules.
- attack_detection => {
- summary => "PT Attack Detection Team Rules",
- website => "https://github.com/ptresearch/AttackDetection",
- tr_string => "attack detection team rules",
+ # ThreatFox
+ threatfox => {
+ summary => "ThreatFox Indicators Of Compromise Rules",
+ website => "https://threatfox.abuse.ch/",
+ tr_string => "threatfox rules",
requires_subscription => "False",
- dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz",
- dl_type => "archive",
- },
-
- # Secureworks Security rules.
- secureworks_security => {
- summary => "Secureworks Security Ruleset",
- website => "https://www.secureworks.com",
- tr_string => "secureworks security ruleset",
- requires_subscription => "True",
- dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz",
- dl_type => "archive",
- },
-
- # Secureworks Malware rules.
- secureworks_malware => {
- summary => "Secureworks Malware Ruleset",
- website => "https://www.secureworks.com",
- tr_string => "secureworks malware ruleset",
- requires_subscription => "True",
- dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz",
- dl_type => "archive",
- },
-
- # Secureworks Enhanced rules.
- secureworks_enhanced => {
- summary => "Secureworks Enhanced Ruleset",
- website => "https://www.secureworks.com",
- tr_string => "secureworks enhanced ruleset",
- requires_subscription => "True",
- dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz",
- dl_type => "archive",
+ dl_url => "https://threatfox.abuse.ch/downloads/threatfox_suricata.rules",
+ dl_type => "plain",
},
# Travis B. Green hunting rules.
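Review bot: The new threatfox entry sets tr_string => "threatfox rules", but the diffstat for this push lists only config/suricata/ruleset-sources and lfs/freeradius, so no translation entry for that key arrives with it. If tr_string is resolved against the language files, as the other providers' keys suggest, add the matching string in the same series so the provider name does not render empty. Separately, the four removed keys (attack_detection and the three secureworks_* entries) disappear from %Providers with no cleanup for systems that still have one selected; the commit message notes such a provider stays in the table marked red, so the update should either remove the stale entry or the behaviour should be documented before release. As a style point, the comment "# ThreatFox" is terser than its neighbours, which end in "rules."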
diff --git a/lfs/freeradius b/lfs/freeradius
index 5ce1a2528f..df59bd63b9 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = freeradius
-PAK_VER = 19
+PAK_VER = 20
DEPS = libtalloc samba
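Review bot: The PAK_VER bump from 19 to 20 is the only functional change to lfs/freeradius in this push, and nothing in this notification says what triggered it: the log section carries only the ruleset-sources commit and the merge. With DEPS = libtalloc samba on the next line, the likely reason is a rebuild against an updated dependency, but that should be stated in the commit message so the add-on update can be traced to its cause.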
hooks/post-receive
--
IPFire 2.x development tree