From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. ad0d064a487c8912cbe4bd77ae652a4212e0fae9
Date: Fri, 22 Mar 2024 15:34:02 +0000
Message-ID: <4V1RFQ47Ywz2xYl@people01.haj.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via ad0d064a487c8912cbe4bd77ae652a4212e0fae9 (commit)
via 4e8225a778f838dadc530759b9341fc9dbf5d534 (commit)
via cf6eaba833abee235fffdf377a0d6379a0ff8406 (commit)
via 563e4a4298b881d612a14994d90bbb7503e1d754 (commit)
via 0842e694a6b577843362ea6b854d336b867d6f00 (commit)
via df7977fde7dec9516036afd8b687acab9f034bf4 (commit)
via 738ee720275e56bd6fff06b2b53730f903dd02df (commit)
from 0564584a5887b7498ae9ea638bc4799d2a6147e8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ad0d064a487c8912cbe4bd77ae652a4212e0fae9
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Mar 22 06:01:45 2024 +0100
ids.cgi: Improve add provider logic
No longer add unsupported/removed providers as an option
when adding a new/first ruleset provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4e8225a778f838dadc530759b9341fc9dbf5d534
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 22 15:29:22 2024 +0000
core185: Ship IPS files
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cf6eaba833abee235fffdf377a0d6379a0ff8406
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 21 21:51:18 2024 +0100
ids.cgi: Adjust code for marking unsupported providers
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 563e4a4298b881d612a14994d90bbb7503e1d754
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 21 21:51:17 2024 +0100
ruleset-sources: Restore generic details about recently dropped providers
At least this information is required to display something useful
on the webgui, even if a provider has been dropped.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0842e694a6b577843362ea6b854d336b867d6f00
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 21 21:51:16 2024 +0100
update-ids-ruleset: Disable provider if no dl_url can be obtained
Unsupported/removed providers no longer have this information
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit df7977fde7dec9516036afd8b687acab9f034bf4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 21 21:51:15 2024 +0100
ids.cgi: Change check if a provider is no longer supported
This check is now based on a download URL instead of checking if
an entry in the ruleset sources is present.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 738ee720275e56bd6fff06b2b53730f903dd02df
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 21 21:51:14 2024 +0100
ids-functions.pl: Improve logic to get the cached rulesfile of a provider
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/ids-functions.pl | 11 +++++---
config/rootfiles/core/185/filelists/files | 3 +++
config/suricata/ruleset-sources | 28 +++++++++++++++++++++
html/cgi-bin/ids.cgi | 42 ++++++++++++++++++-------------
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
src/scripts/update-ids-ruleset | 2 +-
7 files changed, 66 insertions(+), 22 deletions(-)
Difference in files:
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d97431b4a3..c29a5151f9 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
sub _get_dl_rulesfile($) {
my ($provider) = @_;
- # Check if the requested provider is known.
- if ($IDS::Ruleset::Providers{$provider}) {
- # Gather the download type for the given provider.
- my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+ # Abort if the requested provider is not known.
+ return unless($IDS::Ruleset::Providers{$provider});
+ # Try to gather the download type for the given provider.
+ my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Check if a download type could be grabbed.
+ if ($dl_type) {
# Obtain the file suffix for the download file type.
my $suffix = $dl_type_to_suffix{$dl_type};
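Review bot: the new `if ($dl_type)` guard covers a missing download type, but the lookup `$dl_type_to_suffix{$dl_type}` right below it is still unchecked, so a provider whose dl_type has no entry in that map would end up with an undefined suffix. Consider returning early when `$suffix` is undefined as well, and state in the comment above the sub that it returns nothing both for unknown providers and for entries without a dl_type, so callers know to test the result before using it.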
diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files
index 750a006418..09ce838868 100644
--- a/config/rootfiles/core/185/filelists/files
+++ b/config/rootfiles/core/185/filelists/files
@@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin
lib/firmware/nvidia/tegra210/vic.bin
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/index.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/update-ids-ruleset
var/ipfire/backup/bin/backup.pl
+var/ipfire/ids-functions.pl
var/ipfire/main/manualpages
var/ipfire/ovpn/openssl/ovpn.cnf
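Review bot: the three added entries ship ids.cgi, update-ids-ruleset and ids-functions.pl, but the summary of changes for this push also lists config/suricata/ruleset-sources and the de/en language files, and none of them appears among the added lines. Please confirm they are picked up elsewhere in the Core 185 file lists; otherwise the new dl_url checks would run against a ruleset-sources without the restored entries, and ids.cgi would reference the `ids unsupported provider` string before it exists on the system.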
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb7..4e9ea5fa93 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
dl_type => "plain",
},
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ },
+
# ThreatFox
threatfox => {
summary => "ThreatFox Indicators Of Compromise Rules",
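Review bot: the four restored entries carry no dl_url or dl_type, and that absence is what the rest of this series uses to mark a provider as unsupported, yet nothing in this file says so. A short comment above the block (for example "dropped providers: kept for display only, dl_url omitted on purpose") would keep someone from later adding a URL to one of them or removing the entries again without realising what depends on them.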
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 369bf02760..edab971953 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
my $subscription_code = $used_providers{$id}[1];
my $autoupdate_status = $used_providers{$id}[2];
my $status = $used_providers{$id}[3];
+ my $unsupported;
# Check if the item number is even or not.
if ($line % 2) {
@@ -1171,13 +1172,9 @@ END
}
# Handle providers which are not longer supported.
- unless ($provider_name) {
- # Set the provider name to the provider handle
- # to display something helpful.
- $provider_name = $provider;
-
- # Assign background color
- $col="bgcolor='#FF4D4D'";
+ unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
+ # Mark this provider as unsupported.
+ $unsupported = "<img src='/blob.gif' alt='*'>";
}
# Choose icons for the checkboxes.
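Review bot: the nested lookup `$IDS::Ruleset::Providers{$provider}{'dl_url'}` in the new `unless` autovivifies an empty `$IDS::Ruleset::Providers{$provider}` for a handle that is not in ruleset-sources at all, so a later `unless($IDS::Ruleset::Providers{$provider})` in the same process will treat that handle as known. Test the outer key first, or wrap both tests in one helper. The removed fallback `$provider_name = $provider;` also means a row without a provider name now renders as the marker image only; keeping that fallback would leave something readable in the cell.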
@@ -1206,7 +1203,7 @@ END
print <<END;
<tr>
- <td width='33%' class='base' $col>$provider_name</td>
+ <td width='33%' class='base' $col>$provider_name$unsupported</td>
<td width='30%' class='base' $col>$rulesetdate</td>
<td align='center' $col>
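Review bot: `$unsupported` is interpolated into this cell for every row, but it is declared as `my $unsupported;` and only assigned for providers without a dl_url, so rows for supported providers interpolate undef (an "uninitialized value" warning when warnings are enabled). Initialise it with an empty string at the declaration. A separating space before the marker image would also keep it from running directly into the provider name.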
@@ -1262,10 +1259,15 @@ print <<END;
<hr>
<br>
- <div align='right'>
- <table width='100%'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <tr>
+ <table width='100%'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+ <td>
+END
+ print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+ </td>
+ <td><div align='right'>
END
# Only show this button if a ruleset provider is configured.
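Review bot: the legend line with `$Lang::tr{'ids unsupported provider'}` is printed unconditionally, so the marker explanation appears even when no provider in the table carries the marker. Track whether any row set `$unsupported` and print the legend only in that case. If it is meant to stay unconditional, it can be interpolated inside the heredoc the same way `$Lang::tr{'ids add provider'}` is a few lines further down, instead of closing and reopening the heredoc for one print.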
@@ -1274,10 +1276,10 @@ END
}
print <<END;
<input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
- </tr>
- </form>
- </table>
- </div>
+ </div></td>
+ </tr>
+ </form>
+ </table>
END
&Header::closebox();
@@ -1709,6 +1711,12 @@ END
# Grab the provider handle.
my $provider = $tmphash{$provider_name};
+ # Check if we are not in edit mode.
+ if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") {
+ # Skip unsupported ruleset provider.
+ next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"}));
+ }
+
# Pre-select the provider if one is given.
if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) {
$selected{$provider} = "selected='selected'";
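Review bot: this check uses `exists(...{"dl_url"})`, while the other checks added in this series test the value itself (`unless ($IDS::Ruleset::Providers{$provider}{'dl_url'})`), so an entry with an empty or undefined dl_url would still be offered in the add dialog here, yet be marked unsupported in the table and skipped by update-ids-ruleset. Use the same test in every place so a provider cannot be "supported" in one view and "unsupported" in another.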
@@ -1809,7 +1817,7 @@ sub show_additional_provider_actions() {
}
# Disable the manual update button if the provider is not longer supported.
- unless ($IDS::Ruleset::Providers{$provider}) {
+ unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
$disabled_update = "disabled";
}
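Review bot: with this change the expression `$IDS::Ruleset::Providers{$provider}{'dl_url'}` serves as the "is supported" test in several spots across ids.cgi and update-ids-ruleset, with mixed quoting (`"dl_url"` here, `'dl_url'` elsewhere). A single helper in ids-functions.pl would give the rule one definition and one place to change. The `disabled` attribute is also only a hint to the browser, so the handler for the manual update should apply the same check if it does not already.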
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f13bddf4bc..b7b86fc7fc 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
'ids show' => 'Anzeigen',
'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
'ids visit provider website' => 'Anbieter-Webseite besuchen',
'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0113f8811f..8e50aba767 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
'ids subscription code required' => 'The selected ruleset requires a subscription code',
'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
'ids visit provider website' => 'Visit provider website',
'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
'iface' => 'Iface',
diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
index 553c1a1e1e..806107e1c2 100644
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
my $autoupdate_status = $providers{$id}[3];
# Skip unsupported providers.
- next unless($IDS::Ruleset::Providers{$provider});
+ next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
# Skip the provider if it is not enabled.
next unless($enabled_status eq "enabled");
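Review bot: the commit subject speaks of disabling the provider, but `next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});` only skips it on each run and leaves no trace. Either log a message when skipping, so an admin can see why that ruleset stopped updating, or actually change the provider's status if disabling is what is intended; in both cases the comment "Skip unsupported providers." should say that "unsupported" now means "has no dl_url".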
hooks/post-receive
--
IPFire 2.x development tree