IDS rules re-enabled

OpenVPN Start/Stop on boot/shutdown


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@721 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
maniacikarus
2007-07-26 17:17:06 +00:00
parent 7c4cc0d87b
commit 3ffee04be9
4 changed files with 214 additions and 149 deletions


@@ -1,3 +1,58 @@
------------------------------------------------------------------------
r720 | maniacikarus | 2007-07-25 22:02:01 +0400 (Wed, 25 Jul 2007) | 2 lines
Guardian Paket angefangen, zum Testen muss Snort funktionieren ...
------------------------------------------------------------------------
r719 | ms | 2007-07-25 01:02:07 +0400 (Wed, 25 Jul 2007) | 3 lines
Sorry, aber so ist es deutlich schoener...
Und es ist ja schon spaet :D
------------------------------------------------------------------------
r718 | ms | 2007-07-25 00:57:19 +0400 (Wed, 25 Jul 2007) | 3 lines
Habe mal die Meldung geaendert, dass niemand die LFS-Leute informiert wenn er nen Fehler hat.
Bei Errors wartet das System jetzt 3 Minuten und geht dann automatisch weiter, falls man per Remote neu startet...
------------------------------------------------------------------------
r717 | ms | 2007-07-24 20:33:31 +0400 (Tue, 24 Jul 2007) | 2 lines
LFS-Scripts, die unbenutzt waren entfernt.
------------------------------------------------------------------------
r716 | maniacikarus | 2007-07-23 22:13:41 +0400 (Mon, 23 Jul 2007) | 3 lines
Probleme mit dem Perl Modulen hoffentlich bereinigt
MPFire liest jetzt auch Genre und Jahr aus
------------------------------------------------------------------------
r715 | maniacikarus | 2007-07-21 21:23:57 +0400 (Sat, 21 Jul 2007) | 2 lines
Fixes am MPFire und an der backupctrl
------------------------------------------------------------------------
r714 | ms | 2007-07-20 19:10:19 +0400 (Fri, 20 Jul 2007) | 2 lines
Pakfire und startklips Fixes.
------------------------------------------------------------------------
r713 | ms | 2007-07-20 03:20:04 +0400 (Fri, 20 Jul 2007) | 7 lines
Tripwire-Policy gefixt.
Backupctrl zur ISO gefuegt.
Das logger-Tool loggt nicht korrekt in eine Datei.
Unser IPSec-restart-Problem mit einem kleinem Patch behoben.
Das das ifconfig Fehler liefert nehmen wir IP.
Bitte testet dies noch einmal langfristig!!!
------------------------------------------------------------------------
r712 | maniacikarus | 2007-07-19 21:08:25 +0400 (Thu, 19 Jul 2007) | 4 lines
Backupklamotte erweitert
Fehler im Disk Graphen gefixt
Kleine Anpassung am MPFire
------------------------------------------------------------------------
r711 | ms | 2007-07-19 21:04:04 +0400 (Thu, 19 Jul 2007) | 6 lines


@@ -453,155 +453,154 @@ if ($results ne '') {
&Header::closebox();
####################### Added for snort rules control #################################
#if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
# &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
# # Output display table for rule files
# print "<TABLE width='100%'><TR><TD VALIGN='TOP'><TABLE>";
#
# print "<form method='post'>";
#
# # Local vars
# my $ruledisplaycnt = 1;
# my $rulecnt = keys %snortrules;
# $rulecnt++;
# $rulecnt = $rulecnt / 2;
#
# # Loop over each rule file
# foreach my $rulefile (sort keys(%snortrules)) {
# my $rulechecked = '';
#
# # Check if reached half-way through rule file rules to start new column
# if ($ruledisplaycnt > $rulecnt) {
# print "</TABLE></TD><TD VALIGN='TOP'><TABLE>";
# $ruledisplaycnt = 0;
# }
#
# # Check if rule file is enabled
# if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
# $rulechecked = 'CHECKED';
# }
#
# # Create rule file link, vars array, and display flag
# my $rulefilelink = "?RULEFILE=$rulefile";
# my $rulefiletoclose = '';
# my @queryvars = ();
# my $displayrulefilerules = 0;
#
# # Check for passed in query string
# if ($ENV{'QUERY_STRING'}) {
# # Split out vars
# @queryvars = split(/\&/, $ENV{'QUERY_STRING'});
#
# # Loop over values
# foreach $value (@queryvars) {
# # Split out var pairs
# ($var, $linkedrulefile) = split(/=/, $value);
#
# # Check if var is 'RULEFILE'
# if ($var eq 'RULEFILE') {
# # Check if rulefile equals linkedrulefile
# if ($rulefile eq $linkedrulefile) {
# # Set display flag
# $displayrulefilerules = 1;
#
# # Strip out rulefile from rulefilelink
# $rulefilelink =~ s/RULEFILE=$linkedrulefile//g;
# } else {
# # Add linked rule file to rulefilelink
# $rulefilelink .= "&RULEFILE=$linkedrulefile";
# }
# }
# }
# }
#
# # Strip out extra & & ? from rulefilelink
# $rulefilelink =~ s/^\?\&/\?/i;
#
# # Check for a single '?' and replace with page for proper link display
# if ($rulefilelink eq '?') {
# $rulefilelink = "ids.cgi";
# }
#
# # Output rule file name and checkbox
# print "<TR><TD CLASS='base' VALIGN='TOP'><INPUT TYPE='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <A HREF='$rulefilelink'>$rulefile</A></TD></TR>";
# print "<TR><TD CLASS='base' VALIGN='TOP'>";
#
# # Check for empty 'Description'
# if ($snortrules{$rulefile}{'Description'} eq '') {
# print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>No description available</TD></TR>";
# } else {
# # Output rule file 'Description'
# print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>$snortrules{$rulefile}{'Description'}</TD></TR>";
# }
#
# # Check for display flag
# if ($displayrulefilerules) {
# # Rule file definition rule display
# print "<TR><TD CLASS='base' VALIGN='TOP'><TABLE border=1><TR>";
#
# # Local vars
# my $ruledefdisplaycnt = 0;
# my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}};
# $ruledefcnt++;
# $ruledefcnt = $ruledefcnt / 2;
#
# # Loop over rule file rules
# foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) {
# # Local vars
# my $ruledefchecked = '';
#
# # If have display 2 rules, start new row
# if (($ruledefdisplaycnt % 2) == 0) {
# print "</TR><TR>";
# $ruledefdisplaycnt = 0;
# }
#
# # Check for rules state
# if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') {
# $ruledefchecked = 'CHECKED';
# }
#
# # Create rule file rule's checkbox
# $checkboxname = "SNORT_RULE_$rulefile";
# $checkboxname .= "_$ruledef";
# print "<TD CLASS='base'><INPUT TYPE='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</TD>";
#
# # Increment count
# $ruledefdisplaycnt++;
# }
#
# # If do not have second rule for row, create empty cell
# if (($ruledefdisplaycnt % 2) != 0) {
# print "<TD CLASS='base'></TD>";
# }
#
# # Close display table
# print "</TR></TABLE></TD></TR>";
# }
#
# # Close display table
# print "</TABLE>";
#
# # Increment ruledisplaycnt
# $ruledisplaycnt++;
# }
#
# print "</TD></TR></TABLE></TD></TR></TABLE>";
# print <<END
#<table width='100%'>
#<tr>
# <td width='33%'>&nbsp;</td>
# <td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
# <td width='33%'>
# &nbsp; <!-- space for future online help link -->
# </td>
#</tr>
#</table>
#</form>
#END
#;
# &Header::closebox();
#}
if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
# Output display table for rule files
print "<TABLE width='100%'><TR><TD VALIGN='TOP'><TABLE>";
print "<form method='post'>";
# Local vars
my $ruledisplaycnt = 1;
my $rulecnt = keys %snortrules;
$rulecnt++;
$rulecnt = $rulecnt / 2;
# Loop over each rule file
foreach my $rulefile (sort keys(%snortrules)) {
my $rulechecked = '';
# Check if reached half-way through rule file rules to start new column
if ($ruledisplaycnt > $rulecnt) {
print "</TABLE></TD><TD VALIGN='TOP'><TABLE>";
$ruledisplaycnt = 0;
}
# Check if rule file is enabled
if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
$rulechecked = 'CHECKED';
}
# Create rule file link, vars array, and display flag
my $rulefilelink = "?RULEFILE=$rulefile";
my $rulefiletoclose = '';
my @queryvars = ();
my $displayrulefilerules = 0;
# Check for passed in query string
if ($ENV{'QUERY_STRING'}) {
# Split out vars
@queryvars = split(/\&/, $ENV{'QUERY_STRING'});
# Loop over values
foreach $value (@queryvars) {
# Split out var pairs
($var, $linkedrulefile) = split(/=/, $value);
# Check if var is 'RULEFILE'
if ($var eq 'RULEFILE') {
# Check if rulefile equals linkedrulefile
if ($rulefile eq $linkedrulefile) {
# Set display flag
$displayrulefilerules = 1;
# Strip out rulefile from rulefilelink
$rulefilelink =~ s/RULEFILE=$linkedrulefile//g;
} else {
# Add linked rule file to rulefilelink
$rulefilelink .= "&RULEFILE=$linkedrulefile";
}
}
}
}
# Strip out extra & & ? from rulefilelink
$rulefilelink =~ s/^\?\&/\?/i;
# Check for a single '?' and replace with page for proper link display
if ($rulefilelink eq '?') {
$rulefilelink = "ids.cgi";
}
# Output rule file name and checkbox
print "<TR><TD CLASS='base' VALIGN='TOP'><INPUT TYPE='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <A HREF='$rulefilelink'>$rulefile</A></TD></TR>";
print "<TR><TD CLASS='base' VALIGN='TOP'>";
# Check for empty 'Description'
if ($snortrules{$rulefile}{'Description'} eq '') {
print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>No description available</TD></TR>";
} else {
# Output rule file 'Description'
print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>$snortrules{$rulefile}{'Description'}</TD></TR>";
}
# Check for display flag
if ($displayrulefilerules) {
# Rule file definition rule display
print "<TR><TD CLASS='base' VALIGN='TOP'><TABLE border=1><TR>";
# Local vars
my $ruledefdisplaycnt = 0;
my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}};
$ruledefcnt++;
$ruledefcnt = $ruledefcnt / 2;
# Loop over rule file rules
foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) {
# Local vars
my $ruledefchecked = '';
# If have display 2 rules, start new row
if (($ruledefdisplaycnt % 2) == 0) {
print "</TR><TR>";
$ruledefdisplaycnt = 0;
}
# Check for rules state
if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') {
$ruledefchecked = 'CHECKED';
}
# Create rule file rule's checkbox
$checkboxname = "SNORT_RULE_$rulefile";
$checkboxname .= "_$ruledef";
print "<TD CLASS='base'><INPUT TYPE='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</TD>";
# Increment count
$ruledefdisplaycnt++;
}
# If do not have second rule for row, create empty cell
if (($ruledefdisplaycnt % 2) != 0) {
print "<TD CLASS='base'></TD>";
}
# Close display table
print "</TR></TABLE></TD></TR>";
}
# Close display table
print "</TABLE>";
# Increment ruledisplaycnt
$ruledisplaycnt++;
}
print "</TD></TR></TABLE></TD></TR></TABLE>";
print <<END
<table width='100%'>
<tr>
<td width='33%'>&nbsp;</td>
<td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='33%'>
&nbsp; <!-- space for future online help link -->
</td>
</tr>
</table>
</form>
END
;
&Header::closebox();
}
####################### End added for snort rules control #################################
&Header::closebigbox();
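
Review bot: In the query-string loop, `$linkedrulefile` is taken straight from `$ENV{'QUERY_STRING'}` and appended to `$rulefilelink` (`$rulefilelink .= "&RULEFILE=$linkedrulefile";`), which is then printed inside `<A HREF='$rulefilelink'>` with no URL-decoding or HTML-escaping, so request data reaches the page markup unfiltered. Accept only values that are keys of `%snortrules` and HTML-escape the link before printing; `$rulefile` and the `Description` fields are interpolated raw as well and need the same escaping. In the matching branch, `s/RULEFILE=$linkedrulefile//g` treats the name as a regular expression, so wrap it in `\Q...\E`. `$value`, `$var`, `$linkedrulefile` and `$checkboxname` are assigned without `my` and become package globals.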


@@ -573,6 +573,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
#wrtie enable
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
#new settings for daemon
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
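
Review bot: The three `system("touch ...")` / `system("unlink ...")` lines under `#wrtie enable` start a shell for each flag file and send errors to `/dev/null` without checking the return value, so a failed create or remove leaves `ovpn/enable*` out of step with what `&General::writehash` stores in `ovpn/settings`. Use Perl's built-in `unlink` and an `open` in append mode, check the result, and write the flag files after the settings have been written. The hunk shows only `DMTU`, `DCOMPLZO` and `DCIPHER` being copied from `%cgiparams`; confirm that `ENABLED`, `ENABLED_BLUE` and `ENABLED_ORANGE` are updated before these tests. The comment should read `#write enable`.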


@@ -123,6 +123,9 @@ case "${DO}" in
fi
fi
boot_mesg "Setting OpenVPN if enabled"
/usr/local/bin/openvpnctrl -s; evaluate_retval
boot_mesg "Starting Snort if enabled"
/etc/rc.d/init.d/snort start; evaluate_retval
;;
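
Review bot: `/usr/local/bin/openvpnctrl -s; evaluate_retval` reports a boot failure whenever `openvpnctrl -s` exits non-zero, so the "if enabled" case depends on `openvpnctrl` returning 0 when OpenVPN is switched off; the same holds for `/etc/rc.d/init.d/snort start`. Confirm that behaviour, or guard both calls on the `enable` flag files. The message "Setting OpenVPN if enabled" should read "Starting OpenVPN if enabled" to match the Snort line and the stop branch.
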
@@ -157,6 +160,9 @@ case "${DO}" in
fi
fi
boot_mesg "Stopping OpenVPN if enabled"
/usr/local/bin/openvpnctrl -k; evaluate_retval
boot_mesg "Stopping Snort if enabled"
/etc/rc.d/init.d/snort stop; evaluate_retval
;;
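
Review bot: The stop branch shuts the services down in the same order the start branch brings them up (OpenVPN, then Snort); stop sequences normally run in reverse of start, so decide deliberately which of the two should go down first. As in the start branch, `evaluate_retval` after `openvpnctrl -k` and `snort stop` will flag a failure on systems where the service was never running unless both commands exit 0 in that case.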