From 034a390e6c29a8ff1f1ceefbd93d24e9887d4e38 Mon Sep 17 00:00:00 2001
From: Daniel Glanzmann
Date: Thu, 25 Sep 2008 19:09:07 +0000
Subject: [PATCH 1/3] Added netcat and iperf.
---
lfs/iperf | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
lfs/netcat | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
make.sh | 2 ++
3 files changed, 170 insertions(+)
create mode 100644 lfs/iperf
create mode 100644 lfs/netcat
diff --git a/lfs/iperf b/lfs/iperf
new file mode 100644
index 000000000..8b58e198c
--- /dev/null
+++ b/lfs/iperf
@@ -0,0 +1,84 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.0.4
+
+THISAPP = iperf-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = iperf
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 8c5bc14cc2ea55f18f22afe3c23e3dcb
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/netcat b/lfs/netcat
new file mode 100644
index 000000000..d07669b6d
--- /dev/null
+++ b/lfs/netcat
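Review bot: The only integrity check on the downloaded tarball is the `$(DL_FILE)_MD5` value in the Top-level Rules section, and MD5 is not collision-resistant, so it catches a corrupted download but not a deliberately substituted archive on `$(URL_IPFIRE)`. The archive is then unpacked and its `./configure` and `make install` are run by the `$(TARGET)` recipe, so whatever the `$(CHECK)` and `$(MD5)` macros from `Config` verify is the whole trust boundary for this package. If those macros can carry a stronger digest it should be recorded next to the MD5 line; until then a comment such as `# MD5 detects corruption only; authenticity depends on the mirror` would make the limit explicit. The same applies to `lfs/netcat`.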
@@ -0,0 +1,84 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.7.1
+
+THISAPP = netcat-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = netcat
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 088def25efe04dcdd1f8369d8926ab34
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 09a9d0041..7f62482ec 100755 --- a/make.sh +++ b/make.sh @@ -589,6 +589,8 @@ buildipfire() { ipfiremake bluetooth ipfiremake gutenprint ipfiremake apcupsd + ipfiremake iperf + ipfiremake netcat echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild echo >> $BASEDIR/build/var/ipfire/firebuild From b5cf97172c9960d330866ad2bd02f68cb1b2ebb9 Mon Sep 17 00:00:00 2001 From: Daniel Glanzmann Date: Thu, 25 Sep 2008 19:10:42 +0000 Subject: [PATCH 2/3] In installer, there is an unattended option that allows definition of a backup archive. --- src/install+setup/install/unattended.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/install+setup/install/unattended.c b/src/install+setup/install/unattended.c index 0606b3d93..b771b6fd9 100644 --- a/src/install+setup/install/unattended.c +++ b/src/install+setup/install/unattended.c @@ -41,6 +41,7 @@ int unattended_setup(struct keyvalue *unattendedkv) { char green_broadcast[STRING_SIZE]; char root_password[STRING_SIZE]; char admin_password[STRING_SIZE]; + char restore_file[STRING_SIZE]; findkey(unattendedkv, "DOMAINNAME", domainname); findkey(unattendedkv, "HOSTNAME", hostname); 
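Review bot: The added `ipfiremake iperf` and `ipfiremake netcat` lines do not show whether these tools end up in the base firewall image or only as optional packages, which matters on a perimeter device because a general-purpose connection tool widens what is present on the box beyond its firewall role. The `PAK_VER` and `dist:` entries in the new lfs files suggest add-on packaging, but that cannot be confirmed from this hunk. If they are opt-in add-ons, a comment next to the two lines, for example `# iperf, netcat: optional diagnostic add-ons, not part of the base image`, would record the intent. buildipfire() starts and ends outside the hunk.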
@@ -54,6 +55,7 @@ int unattended_setup(struct keyvalue *unattendedkv) { findkey(unattendedkv, "GREEN_BROADCAST", green_broadcast); findkey(unattendedkv, "ROOT_PASSWORD", root_password); findkey(unattendedkv, "ADMIN_PASSWORD", admin_password); + findkey(unattendedkv, "RESTORE_FILE", restore_file); /* write main/settings. */ replacekeyvalue(mainsettings, "DOMAINNAME", domainname); @@ -144,6 +146,16 @@ int unattended_setup(struct keyvalue *unattendedkv) { return 0; } + /* restore backup */ + if (restore_file != "") { + fprintf(flog, "unattended: Restoring Backup\n"); + snprintf(commandstring, STRING_SIZE, + "cd /harddisk && /bin/tar -xvz --preserve -f /cdrom/%s", restore_file); + if (mysystem(commandstring)) { + errorbox("unattended: ERROR setting admin password"); + return 0; + } + fprintf(flog, "unattended: Setup ended\n"); return 1; } From 429f70083a21d3d84a82727bb0e942afd3f0591c Mon Sep 17 00:00:00 2001 From: Daniel Glanzmann Date: Thu, 25 Sep 2008 19:11:46 +0000 Subject: [PATCH 3/3] Added a checkbox that enables/disables the snort http pp. --- html/cgi-bin/ids.cgi | 34 ++++++++++++++++++++++++++++++++-- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index e41d3517c..efd79b58c 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -56,6 +56,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off'; $snortsettings{'ENABLE_SNORT_GREEN'} = 'off'; $snortsettings{'ENABLE_SNORT_BLUE'} = 'off'; $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off'; +$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} = 'off'; $snortsettings{'ENABLE_GUARDIAN'} = 'off'; $snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`; $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1'; 
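Review bot: The guard `if (restore_file != "")` in the last unattended.c hunk compares the array's address with a string literal and is therefore always true, so the tar command runs on every unattended install, including when RESTORE_FILE is not set. The value is also pasted unquoted into the shell command line handed to `mysystem`, so a name containing shell metacharacters or `/` in the unattended configuration changes what the installer executes; it should be restricted to a plain file name first. As shown, the added block opens two braces and closes only one before `return 1;`, and the failure text still reads "ERROR setting admin password". In the first hunk the buffer should start empty, `char restore_file[STRING_SIZE] = "";`, since what findkey does on a missing key is not visible here. unattended_setup() starts outside the hunk.

```c
	/* restore backup */
	if (restore_file[0] != '\0') {
		/* RESTORE_FILE ends up in a shell command line: accept a plain
		 * file name only (no path separators, no shell metacharacters). */
		if (strspn(restore_file,
			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-")
			!= strlen(restore_file)) {
			errorbox("unattended: ERROR invalid RESTORE_FILE");
			return 0;
		}
		fprintf(flog, "unattended: Restoring Backup\n");
		snprintf(commandstring, STRING_SIZE,
			"cd /harddisk && /bin/tar -xvz --preserve -f '/cdrom/%s'", restore_file);
		if (mysystem(commandstring)) {
			errorbox("unattended: ERROR restoring backup");
			return 0;
		}
	}
	/* … unchanged: "Setup ended" log line and return 1 … */
```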
@@ -108,9 +109,20 @@ if (-e "/etc/snort/snort.conf") { # Loop over each line foreach my $line (@snortconfig) { - # Trim the line + # Trim the line chomp $line; + if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) { + # Check for preprocessor settings + if ($line =~ /preprocessor http_inspect:/) { + # Strip out leading # from rule line + $line =~ s/\# ?//i; + if (($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'off')) { + $line = "# $line"; + } + } + } + # Check for a line with .rules if ($line =~ /\.rules$/) { # Parse out rule file name @@ -226,6 +238,7 @@ if (-e "/etc/snort/snort.conf") { if (!exists $snortsettings{"SNORT_RULE_$rule"}) { $line = "# $line"; } + } # Check for rule state @@ -301,6 +314,12 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e } else { unlink "${General::swroot}/snort/enable_orange"; } + if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on') + { + system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect"); + } else { + unlink "${General::swroot}/snort/enable_preprocessor_http_inspect"; + } if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on') { system ('/usr/bin/touch', "${General::swroot}/guardian/enable"); @@ -308,7 +327,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e unlink "${General::swroot}/guardian/enable"; } - system('/usr/local/bin/snortctrl restart >/dev/null'); + system('/usr/local/bin/snortctrl restart >/dev/null'); } elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){ open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}"; 
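Review bot: In the new `ACTION eq save` block of the snort.conf loop, both the match `/preprocessor http_inspect:/` and the substitution `s/\# ?//i` are unanchored, so any line that merely mentions the directive is treated as the setting, and the substitution removes the first `#` wherever it occurs, including one that starts a trailing comment on an already active line. Anchoring both, `if ($line =~ /^\s*#?\s*preprocessor http_inspect:/)` and `$line =~ s/^\s*#\s*//;`, limits the rewrite to the directive itself. The block also runs on every save without testing `ACTION2`, unlike the later save branches in this file, so saving the guardian form could presumably re-comment the line from the `'off'` default. Because commenting out http_inspect reduces what HTTP rules can match, a comment at the toggle such as `# disabling http_inspect weakens HTTP rule coverage` would help the next maintainer. The enclosing loop starts and ends outside the hunk.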
@@ -365,6 +384,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c $checked{'ENABLE_SNORT_ORANGE'}{'off'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{'on'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'"; +$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'off'} = ''; +$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} = ''; +$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}} = "checked='checked'"; $checked{'ENABLE_GUARDIAN'}{'off'} = ''; $checked{'ENABLE_GUARDIAN'}{'on'} = ''; $checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'"; @@ -433,6 +455,14 @@ print <
+ + $Lang::tr{'ids preprocessor'} + + + http_inspect + +
+ $Lang::tr{'ids rules update'} diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index b47f5ba91..132137ea1 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -852,6 +852,7 @@ 'ids rules license2' => 'Bestätigen Sie die Lizenz, empfangen Sie Ihr Passwort per email und gehen Sie auf die Website. Gehen Sie zu', 'ids rules license3' => 'klicken Sie den \'Get Code\' Knopf am Fuß und kopieren den 40-Zeichen Oink Code in das untere Feld.', 'ids rules update' => 'Snort Regeln Update', +'ids preprocessor' => 'Snort Präprozessor', 'iface' => 'Iface', 'ignore filter' => '"Ignorieren"-Filter', 'ike encryption' => 'IKE Verschlüsselung:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index fd0579358..174e26aae 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -881,6 +881,7 @@ 'ids rules license2' => 'Acknowledge the license, receive your password by email, and connect to the site. Go to', 'ids rules license3' => 'press the \'Get Code\' button at the bottom and copy the 40 character Oink Code into the field below.', 'ids rules update' => 'Snort rules update', +'ids preprocessor' => 'Snort preprocessor', 'iface' => 'Iface', 'ignore filter' => 'Ignore filter', 'ike encryption' => 'IKE Encryption:',