From 0034a92ad79d6c9853216602960c8ebe22d13b21 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 1 May 2019 16:49:25 +0200 Subject: [PATCH 1/4] update-ids-ruleset: Set correct ownership for the rulestarball. The script usualy will be executed by cron which will start it with root permissions, so the downloaded tarball is owned by this user. This has to be changed to the user which runs the WUI (nobody:nobody) to allow, changing the ruleset to an other one and to display the ruleset area. Fixes #12066 Signed-off-by: Stefan Schantl Signed-off-by: Arne Fitzenreiter --- src/scripts/update-ids-ruleset | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset index 14ea25ec6..f28a8c156 100644 --- a/src/scripts/update-ids-ruleset +++ b/src/scripts/update-ids-ruleset @@ -58,6 +58,9 @@ if(&IDS::downloadruleset()) { exit 0; } +# Set correct ownership for the downloaded tarball. +&IDS::set_ownership("$IDS::rulestarball"); + # Call oinkmaster to alter the ruleset. &IDS::oinkmaster(); From 0c52297641c96927eba3476851957ef0fe321ec8 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 1 May 2019 17:03:06 +0200 Subject: [PATCH 2/4] suricata: Remove PID file on stop Force the initscript to remove the PID file when calling "stop" section. If suricata crashes during startup, the PID file still remains and the service cannot be started anymore until the file has been deleted. Now when calling "stop" or "restart" the PID file will be deleted and the service can be used again. Fixes #12067. Signed-off-by: Stefan Schantl Signed-off-by: Arne Fitzenreiter --- src/initscripts/system/suricata | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index c9f131fca..38b6a40d8 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata 
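Review bot: The new chown hands a root-downloaded archive to the unprivileged WUI account before the root-run `&IDS::oinkmaster();` on the last line of the hunk unpacks it, so whatever process runs as nobody (the web server) can rewrite the tarball that root then extracts. The commit message suggests this trust boundary is deliberate, so it should be spelled out at the call site rather than left implicit: `# Hand the tarball to the WUI user (nobody); root unpacks whatever that user leaves here, so the tarball is trusted input from the WUI.` The return value of set_ownership is also discarded; if the helper reports failure, `&IDS::set_ownership($IDS::rulestarball) or die "Could not set ownership on $IDS::rulestarball: $!";` would stop before oinkmaster runs on a half-prepared file (the quotes around the scalar are unnecessary in any case). The enclosing script continues outside the hunk.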
@@ -171,6 +171,9 @@ case "$1" in # Remove suricata control socket. rm /var/run/suricata/* >/dev/null 2>/dev/null + # Trash remain pid file if still exists. + rm -f $PID_FILE >/dev/null 2>/dev/null + # Don't report returncode of rm if suricata was not started exit 0 ;; From 34d72e754243fe86fb1772d39e1b45876b8c72f4 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 1 May 2019 20:19:01 +0200 Subject: [PATCH 3/4] suricata: Update to 4.1.4 This is a minor update to the latest available version from the suricata 4.1 series. Fixes #12068. Signed-off-by: Stefan Schantl Signed-off-by: Arne Fitzenreiter --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index d7b5b71d6..310920606 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 4.1.3 +VER = 4.1.4 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 35c4a8e6be3910831649a073950195df +$(DL_FILE)_MD5 = cb8bf6b8330c44ae78dfb5b083a6fe82 install : $(TARGET) From 6b19d192f93843df8e431d686d6830ebd1e93ccd Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Tue, 7 May 2019 19:17:16 +0200 Subject: [PATCH 4/4] guardian: Remove snort related options. IPFire has moved to suricata as IDS/IPS system, therefore all snort related options has become obsolete. Signed-off-by: Stefan Schantl Signed-off-by: Arne Fitzenreiter --- config/guardian/guardian.de.pl | 4 +-- config/guardian/guardian.en.pl | 4 +-- config/guardian/guardian.tr.pl | 4 +-- html/cgi-bin/guardian.cgi | 57 ++++++---------------------------- lfs/guardian | 2 +- 5 files changed, 13 insertions(+), 58 deletions(-) diff --git a/config/guardian/guardian.de.pl b/config/guardian/guardian.de.pl index 344d04543..c03c98525 100644 --- a/config/guardian/guardian.de.pl +++ b/config/guardian/guardian.de.pl 
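Review bot: `$PID_FILE` is expanded unquoted in the new `rm -f`, so a value containing whitespace or glob characters would be word-split and glob-expanded before rm runs as root; quote it, `rm -f "$PID_FILE" >/dev/null 2>&1`. Because the removal is unconditional and fully silenced, a wrong path or an unremovable file is never reported, which is acceptable in a stop section but means the fix only works when stop/restart is called. The start path that refuses to run on a stale PID file after a crash is outside this hunk and is presumably still not checking whether the recorded PID is alive; that is where the underlying problem lives. The enclosing case statement starts outside the hunk.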
@@ -6,7 +6,7 @@ 'guardian block httpd brute-force' => 'httpd-Brute-Force-Erkennung', 'guardian block owncloud brute-force' => 'Owncloud-Brute-Force-Erkennung', 'guardian block ssh brute-force' => 'SSH-Brute-Force-Erkennung', -'guardian blockcount' => 'Trefferschwelle (Snort)', +'guardian blockcount' => 'Trefferschwelle', 'guardian blocked hosts' => 'Aktuell geblockte Hosts', 'guardian blocking of this address is not allowed' => 'Diese Addresse darf nicht geblockt werden.', 'guardian blocktime' => 'Blockzeit (Sekunden)', @@ -36,9 +36,7 @@ 'guardian priolevel_medium' => '2 - Mittel', 'guardian priolevel_low' => '3 - Niedrig', 'guardian priolevel_very_low' => '4 - Sehr niedrig', -'guardian priority level' => 'Prioritätslevel (Snort)', 'guardian service' => 'Guardian-Dienst', -'guardian watch snort alertfile' => 'Snort-Alarme auswerten', ); diff --git a/config/guardian/guardian.en.pl b/config/guardian/guardian.en.pl index f6be8654d..c94484f7e 100644 --- a/config/guardian/guardian.en.pl +++ b/config/guardian/guardian.en.pl @@ -6,7 +6,7 @@ 'guardian block httpd brute-force' => 'httpd Brute Force Detection', 'guardian block owncloud brute-force' => 'Owncloud Brute Force detection', 'guardian block ssh brute-force' => 'SSH Brute Force Detection', -'guardian blockcount' => 'Strike Threshold (Snort)', +'guardian blockcount' => 'Strike Threshold', 'guardian blocked hosts' => 'Currently blocked hosts', 'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.', 'guardian blocktime' => 'Block Time (seconds)', @@ -36,9 +36,7 @@ 'guardian priolevel_medium' => '2 - Medium', 'guardian priolevel_low' => '3 - Low', 'guardian priolevel_very_low' => '4 - Very low', -'guardian priority level' => 'Priority Level (Snort)', 'guardian service' => 'Guardian Service', -'guardian watch snort alertfile' => 'Monitor Snort Alert File', ); diff --git a/config/guardian/guardian.tr.pl b/config/guardian/guardian.tr.pl index cb64a358d..c4d9c5aab 100644 
--- a/config/guardian/guardian.tr.pl +++ b/config/guardian/guardian.tr.pl @@ -6,7 +6,7 @@ 'guardian block httpd brute-force' => 'httpd kaba kuvvet algılama', 'guardian block owncloud brute-force' => 'Owncloud kaba kuvvet algılama', 'guardian block ssh brute-force' => 'SSH kaba kuvvet algılama', -'guardian blockcount' => 'Vurgu eşiği (Snort)', +'guardian blockcount' => 'Vurgu eşiği', 'guardian blocked hosts' => 'Şu anda engellenen ana makineler', 'guardian blocking of this address is not allowed' => 'Verilen adresin engellenmesine izin verilmiyor.', 'guardian blocktime' => 'Engelleme zamanı (saniye)', @@ -36,9 +36,7 @@ 'guardian priolevel_medium' => '2 - Orta', 'guardian priolevel_low' => '3 - Düşük', 'guardian priolevel_very_low' => '4 - Çok düşük', -'guardian priority level' => 'Öncelik seviyesi (Snort)', 'guardian service' => 'Koruyucu servisi', -'guardian watch snort alertfile' => 'Snort uyarı dosyası', ); diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi index 6144aca02..36d84bb5b 100644 --- a/html/cgi-bin/guardian.cgi +++ b/html/cgi-bin/guardian.cgi @@ -52,7 +52,6 @@ my $ignorefile ='/var/ipfire/guardian/guardian.ignore'; # file locations on IPFire systems. my %module_file_locations = ( "HTTPD" => "/var/log/httpd/error_log", - "SNORT" => "/var/log/snort/alert", "SSH" => "/var/log/messages", ); @@ -78,7 +77,6 @@ our %ignored = (); $settings{'ACTION'} = ''; $settings{'GUARDIAN_ENABLED'} = 'off'; -$settings{'GUARDIAN_MONITOR_SNORT'} = 'on'; $settings{'GUARDIAN_MONITOR_SSH'} = 'on'; $settings{'GUARDIAN_MONITOR_HTTPD'} = 'on'; $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = ''; @@ -88,7 +86,6 @@ $settings{'GUARDIAN_BLOCKCOUNT'} = '3'; $settings{'GUARDIAN_BLOCKTIME'} = '86400'; $settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP'; $settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log'; -$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3'; my $errormessage = ''; 
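Review bot: Dropping the `GUARDIAN_MONITOR_SNORT` and `GUARDIAN_SNORT_PRIORITY_LEVEL` defaults does not remove those keys from a settings file written by an earlier release, so on upgraded systems `%settings` will presumably still carry `GUARDIAN_MONITOR_SNORT=on` once the saved hash is read back (that read happens outside these hunks). If any later code enumerates the `GUARDIAN_MONITOR_*` keys to select modules, the stale entry would now look up a path the first hunk removed from `%module_file_locations` and get undef. A one-line cleanup after the settings are loaded, `delete @settings{qw(GUARDIAN_MONITOR_SNORT GUARDIAN_SNORT_PRIORITY_LEVEL)};`, closes that off regardless. The surrounding statement run continues outside the hunk.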
@@ -379,9 +376,6 @@ sub showMainBox() { $checked{'GUARDIAN_ENABLED'}{'on'} = ''; $checked{'GUARDIAN_ENABLED'}{'off'} = ''; $checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked'; - $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} = ''; - $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} = ''; - $checked{'GUARDIAN_MONITOR_SNORT'}{$settings{'GUARDIAN_MONITOR_SNORT'}} = "checked='checked'"; $checked{'GUARDIAN_MONITOR_SSH'}{'off'} = ''; $checked{'GUARDIAN_MONITOR_SSH'}{'on'} = ''; $checked{'GUARDIAN_MONITOR_SSH'}{$settings{'GUARDIAN_MONITOR_SSH'}} = "checked='checked'"; @@ -394,7 +388,6 @@ sub showMainBox() { $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected'; $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected'; - $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected'; $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected'; &Header::openpage($Lang::tr{'guardian configuration'}, 1, ''); @@ -447,19 +440,6 @@ sub showMainBox() { \$("#GUARDIAN_LOG_FACILITY").change(update_options); \$("#GUARDIAN_LOGLEVEL").change(update_options); update_options(); - - // Show / Hide snort priority level option, based if - // snort is enabled / disabled. - if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') { - \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show(); - } else { - \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide(); - } - - // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed. - \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() { - \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle(); - }); }); END @@ -533,12 +513,6 @@ END
- - $Lang::tr{'guardian watch snort alertfile'} - on / - off - - $Lang::tr{'guardian block ssh brute-force'} on / @@ -580,23 +554,6 @@ END - -
- - - - $Lang::tr{'guardian priority level'}: - - - $Lang::tr{'guardian blockcount'}: - - -
@@ -608,6 +565,15 @@ END + $Lang::tr{'guardian blockcount'}: + + + + +
+ + + $Lang::tr{'guardian blocktime'}: @@ -977,11 +943,6 @@ sub BuildConfiguration() { # Module settings. print FILE "\n# Module settings.\n"; - # Check if SNORT is enabled and add snort priority. - if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") { - print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n"; - } - close(FILE); # Generate ignore file. diff --git a/lfs/guardian b/lfs/guardian index 2eaf77212..d84ca64f3 100644 --- a/lfs/guardian +++ b/lfs/guardian @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = guardian -PAK_VER = 15 +PAK_VER = 16 DEPS = "perl-inotify2 perl-Net-IP"
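Review bot: After this deletion the `print FILE "\n# Module settings.\n";` context line is immediately followed by `close(FILE);`, so the generated guardian configuration always ends with an empty "Module settings" section; either drop that print as well or keep it with a comment saying why the header is intentionally empty. While touching this spot, the adjacent `close(FILE);` is unchecked on a write handle, and a silently truncated configuration feeding a privileged daemon is worth surfacing: `close(FILE) or die "Could not write guardian configuration: $!";` (pre-existing, but the hunk now makes it the last statement of the write). The enclosing sub BuildConfiguration starts and ends outside the hunk.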