This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, master has been updated via ad0d064a487c8912cbe4bd77ae652a4212e0fae9 (commit) via 4e8225a778f838dadc530759b9341fc9dbf5d534 (commit) via cf6eaba833abee235fffdf377a0d6379a0ff8406 (commit) via 563e4a4298b881d612a14994d90bbb7503e1d754 (commit) via 0842e694a6b577843362ea6b854d336b867d6f00 (commit) via df7977fde7dec9516036afd8b687acab9f034bf4 (commit) via 738ee720275e56bd6fff06b2b53730f903dd02df (commit) from 0564584a5887b7498ae9ea638bc4799d2a6147e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ad0d064a487c8912cbe4bd77ae652a4212e0fae9 Author: Stefan Schantl Date: Fri Mar 22 06:01:45 2024 +0100 ids.cgi: Improve add provider logic Do not longer add unsupported/removed providers as an option when adding a new/first ruleset provider. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 4e8225a778f838dadc530759b9341fc9dbf5d534 Author: Michael Tremer Date: Fri Mar 22 15:29:22 2024 +0000 core185: Ship IPS files Signed-off-by: Michael Tremer commit cf6eaba833abee235fffdf377a0d6379a0ff8406 Author: Stefan Schantl Date: Thu Mar 21 21:51:18 2024 +0100 ids.cgi: Adjust code for marking unsupported providers Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 563e4a4298b881d612a14994d90bbb7503e1d754 Author: Stefan Schantl Date: Thu Mar 21 21:51:17 2024 +0100 ruleset-sources: Restore generic details about recently dropped providers At least these informations are required to display something usefull on the webgui, even if a provider has been dropped. Signed-off-by: Stefan Schantl 
Signed-off-by: Michael Tremer commit 0842e694a6b577843362ea6b854d336b867d6f00 Author: Stefan Schantl Date: Thu Mar 21 21:51:16 2024 +0100 update-ids-ruleset: Disable provider if not dl_url can be obtained Unsupported/Removed provides does not longer have these information Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit df7977fde7dec9516036afd8b687acab9f034bf4 Author: Stefan Schantl Date: Thu Mar 21 21:51:15 2024 +0100 ids.cgi: Change check if a provider is not longer supported This check is now based on a download URL instead of checking if an entry in the ruleset sources is present. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 738ee720275e56bd6fff06b2b53730f903dd02df Author: Stefan Schantl Date: Thu Mar 21 21:51:14 2024 +0100 ids-functions.pl: Improve logic to get the cached rulesfile of a provider Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/cfgroot/ids-functions.pl | 11 +++++--- config/rootfiles/core/185/filelists/files | 3 +++ config/suricata/ruleset-sources | 28 +++++++++++++++++++++ html/cgi-bin/ids.cgi | 42 ++++++++++++++++++------------- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/scripts/update-ids-ruleset | 2 +- 7 files changed, 66 insertions(+), 22 deletions(-) Difference in files: diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a3..c29a5151f9 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl 
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) { sub _get_dl_rulesfile($) { my ($provider) = @_; - # Check if the requested provider is known. - if ($IDS::Ruleset::Providers{$provider}) { - # Gather the download type for the given provider. - my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + # Abort if the requested provider is not known. + return unless($IDS::Ruleset::Providers{$provider}); + # Try to gather the download type for the given provider. + my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + + # Check if a download type could be grabbed. + if ($dl_type) { # Obtain the file suffix for the download file type. my $suffix = $dl_type_to_suffix{$dl_type}; diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files index 750a006418..09ce838868 100644 --- a/config/rootfiles/core/185/filelists/files +++ b/config/rootfiles/core/185/filelists/files @@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin lib/firmware/nvidia/tegra210/vic.bin srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/dns.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/time.cgi +usr/local/bin/update-ids-ruleset var/ipfire/backup/bin/backup.pl +var/ipfire/ids-functions.pl var/ipfire/main/manualpages var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 2b3b4ffcb7..4e9ea5fa93 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources 
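Review bot: `_get_dl_rulesfile` now has two ways to yield nothing, the bare `return` for an unknown provider and the fall-through when `$dl_type` is empty, and the sub has no comment telling callers so. With the dropped providers restored in ruleset-sources without a `dl_type`, the second path is now reachable for providers a user still has configured. I would add a header comment such as `# Returns nothing if the provider is unknown or has no dl_type (dropped provider); callers must check the result before using it as a path.` The body continues past the end of the hunk, so what is returned after the `if ($dl_type)` block is not visible here and should be confirmed.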
@@ -97,6 +97,34 @@ our %Providers = ( dl_type => "plain", }, + # Positive Technologies Attack Detection Team rules. + attack_detection => { + summary => "PT Attack Detection Team Rules", + website => "https://github.com/ptresearch/AttackDetection", + tr_string => "attack detection team rules", + }, + + # Secureworks Security rules. + secureworks_security => { + summary => "Secureworks Security Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks security ruleset", + }, + + # Secureworks Malware rules. + secureworks_malware => { + summary => "Secureworks Malware Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks malware ruleset", + }, + + # Secureworks Enhanced rules. + secureworks_enhanced => { + summary => "Secureworks Enhanced Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks enhanced ruleset", + }, + # ThreatFox threatfox => { summary => "ThreatFox Indicators Of Compromise Rules", diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 369bf02760..edab971953 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -1162,6 +1162,7 @@ END my $subscription_code = $used_providers{$id}[1]; my $autoupdate_status = $used_providers{$id}[2]; my $status = $used_providers{$id}[3]; + my $unsupported; # Check if the item number is even or not. if ($line % 2) { @@ -1171,13 +1172,9 @@ END } # Handle providers which are not longer supported. - unless ($provider_name) { - # Set the provider name to the provider handle - # to display something helpful. - $provider_name = $provider; - - # Assign background color - $col="bgcolor='#FF4D4D'"; + unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) { + # Mark this provider as unsupported. + $unsupported = "*"; } # Choose icons for the checkboxes. @@ -1206,7 +1203,7 @@ END print < - $provider_name + $provider_name$unsupported $rulesetdate @@ -1262,10 +1259,15 @@ print <
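Review bot: The four restored entries in ruleset-sources (`attack_detection`, `secureworks_security`, `secureworks_malware`, `secureworks_enhanced`) omit `dl_url` and `dl_type`, and the rest of this series treats a missing `dl_url` as the only marker of an unsupported provider, but nothing in the file says so. A one-line comment on each entry, for example `# Dropped provider: kept for display only, intentionally no dl_url/dl_type.`, would keep a later edit from re-adding a URL or "fixing" the missing keys. The enclosing `%Providers` hash starts and ends outside the hunk.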
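Review bot: `my $unsupported;` in the @@ -1162 hunk of ids.cgi stays undefined for every supported provider and is then interpolated as `$provider_name$unsupported` in the @@ -1206 hunk. Under `use warnings` that emits an uninitialized-value warning per table row into the web server log; whether the script enables warnings is not visible here. Declaring it as `my $unsupported = "";` avoids the question.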
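Review bot: The test `unless ($IDS::Ruleset::Providers{$provider}{'dl_url'})` in the @@ -1171 hunk of ids.cgi autovivifies an empty `%Providers` entry when `$provider` has no entry at all, because Perl creates the intermediate hash for a nested read. After that, a plain `$IDS::Ruleset::Providers{$provider}` truth test, such as the first guard in `_get_dl_rulesfile`, treats the handle as known. The same pattern is in the @@ -1809 hunk and in update-ids-ruleset (@@ -106); checking the outer key first, `unless ($IDS::Ruleset::Providers{$provider} && $IDS::Ruleset::Providers{$provider}{'dl_url'})`, avoids it. Separately, with the fallback `$provider_name = $provider;` removed, a configured handle that is missing from ruleset-sources presumably now renders as a bare `*`; how `$provider_name` is filled is outside the hunk.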
-
- - - +
+ + + - -
+END + print "* $Lang::tr{'ids unsupported provider'}\n"; +print < +
END # Only show this button if a ruleset provider is configured. @@ -1274,10 +1276,10 @@ END } print < -
-
+ + + + END &Header::closebox(); @@ -1709,6 +1711,12 @@ END # Grab the provider handle. my $provider = $tmphash{$provider_name}; + # Check if we are not in edit mode. + if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") { + # Skip unsupported ruleset provider. + next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"})); + } + # Pre-select the provider if one is given. if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) { $selected{$provider} = "selected='selected'"; @@ -1809,7 +1817,7 @@ sub show_additional_provider_actions() { } # Disable the manual update button if the provider is not longer supported. - unless ($IDS::Ruleset::Providers{$provider}) { + unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) { $disabled_update = "disabled"; } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f13bddf4bc..b7b86fc7fc 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1416,6 +1416,7 @@ 'ids show' => 'Anzeigen', 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.', 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.', +'ids unsupported provider' => 'Provider wird nicht mehr unterstützt', 'ids visit provider website' => 'Anbieter-Webseite besuchen', 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.', 'iface' => 'Iface', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0113f8811f..8e50aba767 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
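Review bot: In the @@ -1709 hunk of ids.cgi the new `next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"}))` only hides dropped providers from the drop-down; it does not stop a submitted form from naming one. The handler that stores a new provider is not part of this diff, so it should be confirmed that it applies the same `dl_url` check server-side. This hunk also tests with `exists` while the @@ -1171 and @@ -1809 hunks test truthiness, so an entry with an empty `dl_url` would be offered here but marked unsupported there; using one form throughout would be clearer. The enclosing loop starts and ends outside the hunk.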
@@ -1467,6 +1467,7 @@ 'ids subscription code required' => 'The selected ruleset requires a subscription code', 'ids the choosen provider is already in use' => 'The choosen provider is already in use.', 'ids unable to download the ruleset' => 'Unable to download the ruleset', +'ids unsupported provider' => 'Provider is not supported anymore', 'ids visit provider website' => 'Visit provider website', 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...', 'iface' => 'Iface', diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset index 553c1a1e1e..806107e1c2 100644 --- a/src/scripts/update-ids-ruleset +++ b/src/scripts/update-ids-ruleset @@ -106,7 +106,7 @@ foreach my $id (keys %providers) { my $autoupdate_status = $providers{$id}[3]; # Skip unsupported providers. - next unless($IDS::Ruleset::Providers{$provider}); + next unless($IDS::Ruleset::Providers{$provider}{'dl_url'}); # Skip the provider if it is not enabled. next unless($enabled_status eq "enabled"); hooks/post-receive -- IPFire 2.x development tree
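Review bot: The changed `next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});` in update-ids-ruleset skips a dropped provider without leaving any trace, so a provider that is enabled with autoupdate on simply stops receiving rules. For an IPS that is worth a log line: emit a syslog message naming `$provider` before the `next`, using whatever logging helper the script already has (not visible in this hunk). The commit subject says the provider is disabled, but the visible code only skips it for this run; the comment `# Skip unsupported providers.` could say that explicitly. The `foreach` body continues outside the hunk.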