Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

config/cfgroot/ids-functions.pl

@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 	my ($provider) = @_;
 
-	# Check if the requested provider is known.
-	if ($IDS::Ruleset::Providers{$provider}) {
-		# Gather the download type for the given provider.
-		my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+	# Abort if the requested provider is not known.
+	return unless($IDS::Ruleset::Providers{$provider});
 
+	# Try to gather the download type for the given provider.
+	my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+	# Check if a download type could be grabbed.
+	if ($dl_type) {
 		# Obtain the file suffix for the download file type.
 		my $suffix = $dl_type_to_suffix{$dl_type};
 

config/rootfiles/oldcore/185/filelists/files

@@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin
 lib/firmware/nvidia/tegra210/vic.bin
 srv/web/ipfire/cgi-bin/dhcp.cgi
 srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/update-ids-ruleset
 var/ipfire/backup/bin/backup.pl
+var/ipfire/ids-functions.pl
 var/ipfire/main/manualpages
 var/ipfire/ovpn/openssl/ovpn.cnf

config/rootfiles/oldcore/185/filelists/ids-ruleset-sources

@@ -0,0 +1 @@
+../../../common/ids-ruleset-sources

config/rootfiles/oldcore/185/update.sh

@@ -115,6 +115,15 @@ mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
 # Set correct ownership
 chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
 
+# Check if the drop hostile in and out logging options need to be added
+# into the optionsfw settings file and apply to firewall
+if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
+   ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
+        sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
+        sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
+        /usr/local/bin/firewallctrl
+fi
+
 # Rebuild initial ramdisks
 dracut --regenerate-all --force
 KVER="xxxKVERxxx"

config/suricata/ruleset-sources

@@ -97,6 +97,34 @@ our %Providers = (
 		dl_type => "plain",
 	},
 
+	# Positive Technologies Attack Detection Team rules.
+	attack_detection => {
+		summary => "PT Attack Detection Team Rules",
+		website => "https://github.com/ptresearch/AttackDetection",
+		tr_string => "attack detection team rules",
+	},
+
+	# Secureworks Security rules.
+	secureworks_security => {
+		summary => "Secureworks Security Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks security ruleset",
+	},
+
+	# Secureworks Malware rules.
+	secureworks_malware => {
+		summary => "Secureworks Malware Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks malware ruleset",
+	},
+
+	# Secureworks Enhanced rules.
+	secureworks_enhanced => {
+		summary => "Secureworks Enhanced Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks enhanced ruleset",
+	},
+
 	# ThreatFox
 	threatfox => {
 		summary => "ThreatFox Indicators Of Compromise Rules",