Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-17 06:23:00 +02:00 · 2024-03-24 08:48:51 +01:00
parent 6581c6e3a6 08b7500b26
commit 46a9e7a0a4
9 changed files with 76 additions and 22 deletions
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 	my ($provider) = @_;

-	# Check if the requested provider is known.
-	if ($IDS::Ruleset::Providers{$provider}) {
-		# Gather the download type for the given provider.
-		my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+	# Abort if the requested provider is not known.
+	return unless($IDS::Ruleset::Providers{$provider});

+	# Try to gather the download type for the given provider.
+	my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+	# Check if a download type could be grabbed.
+	if ($dl_type) {
 		# Obtain the file suffix for the download file type.
 		my $suffix = $dl_type_to_suffix{$dl_type};

--- a/config/rootfiles/oldcore/185/filelists/files
+++ b/config/rootfiles/oldcore/185/filelists/files
@@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin
 lib/firmware/nvidia/tegra210/vic.bin
 srv/web/ipfire/cgi-bin/dhcp.cgi
 srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/update-ids-ruleset
 var/ipfire/backup/bin/backup.pl
+var/ipfire/ids-functions.pl
 var/ipfire/main/manualpages
 var/ipfire/ovpn/openssl/ovpn.cnf
--- a/config/rootfiles/oldcore/185/filelists/ids-ruleset-sources
+++ b/config/rootfiles/oldcore/185/filelists/ids-ruleset-sources
@@ -0,0 +1 @@
+../../../common/ids-ruleset-sources
--- a/config/rootfiles/oldcore/185/update.sh
+++ b/config/rootfiles/oldcore/185/update.sh
@@ -115,6 +115,15 @@ mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
 # Set correct ownership
 chown nobody:nobody /var/ipfire/ovpn/ovpnconfig

+# Check if the drop hostile in and out logging options need to be added
+# into the optionsfw settings file and apply to firewall
+if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
+   ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
+        sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
+        sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
+        /usr/local/bin/firewallctrl
+fi
+
 # Rebuild initial ramdisks
 dracut --regenerate-all --force
 KVER="xxxKVERxxx"
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
 		dl_type => "plain",
 	},

+	# Positive Technologies Attack Detection Team rules.
+	attack_detection => {
+		summary => "PT Attack Detection Team Rules",
+		website => "https://github.com/ptresearch/AttackDetection",
+		tr_string => "attack detection team rules",
+	},
+
+	# Secureworks Security rules.
+	secureworks_security => {
+		summary => "Secureworks Security Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks security ruleset",
+	},
+
+	# Secureworks Malware rules.
+	secureworks_malware => {
+		summary => "Secureworks Malware Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks malware ruleset",
+	},
+
+	# Secureworks Enhanced rules.
+	secureworks_enhanced => {
+		summary => "Secureworks Enhanced Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks enhanced ruleset",
+	},
+
 	# ThreatFox
 	threatfox => {
 		summary => "ThreatFox Indicators Of Compromise Rules",
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
 				my $subscription_code = $used_providers{$id}[1];
 				my $autoupdate_status = $used_providers{$id}[2];
 				my $status  = $used_providers{$id}[3];
+				my $unsupported;

 				# Check if the item number is even or not.
 				if ($line % 2) {
@@ -1171,13 +1172,9 @@ END
 				}

 				# Handle providers which are not longer supported.
-				unless ($provider_name) {
-					# Set the provider name to the provider handle
-					# to display something helpful.
-					$provider_name = $provider;
-
-					# Assign background color
-					$col="bgcolor='#FF4D4D'";
+				unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
+					# Mark this provider as unsupported.
+					$unsupported = "<img src='/blob.gif' alt='*'>";
 				}

 				# Choose icons for the checkboxes.
@@ -1206,7 +1203,7 @@ END

 print <<END;
 				<tr>
-					<td width='33%' class='base' $col>$provider_name</td>
+					<td width='33%' class='base' $col>$provider_name$unsupported</td>
 					<td width='30%' class='base' $col>$rulesetdate</td>

 					<td align='center' $col>
@@ -1262,10 +1259,15 @@ print <<END;
 	<hr>
 	<br>

-	<div align='right'>
-		<table width='100%'>
-			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-				<tr>
+	<table width='100%'>
+		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+			<tr>
+				<td>
+END
+					print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+				</td>
+				<td><div align='right'>
 END

 					# Only show this button if a ruleset provider is configured.
@@ -1274,10 +1276,10 @@ END
 					}
 print <<END;
 					<input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
-				</tr>
-			</form>
-		</table>
-	</div>
+					</div></td>
+			</tr>
+		</form>
+	</table>
 END

 	&Header::closebox();
@@ -1709,6 +1711,12 @@ END
 							# Grab the provider handle.
 							my $provider = $tmphash{$provider_name};

+							# Check if we are not in edit mode.
+							if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") {
+								# Skip unsupported ruleset provider.
+								next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"}));
+							}
+
 							# Pre-select the provider if one is given.
 							if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) {
 								$selected{$provider} = "selected='selected'";
@@ -1809,7 +1817,7 @@ sub show_additional_provider_actions() {
 	}

 	# Disable the manual update button if the provider is not longer supported.
-	unless ($IDS::Ruleset::Providers{$provider}) {
+	unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
 		$disabled_update = "disabled";
 	}

--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
 'ids subscription code required' => 'The selected ruleset requires a subscription code',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
 'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
 	my $autoupdate_status = $providers{$id}[3];

 	# Skip unsupported providers.
-	next unless($IDS::Ruleset::Providers{$provider});
+	next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});

 	# Skip the provider if it is not enabled.
 	next unless($enabled_status eq "enabled");