webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 02:55:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,890 Commits 2 Branches 1 Tag
loongfire
Commit Graph

280 Commits

Author SHA1 Message Date
Michael Tremer
e5da7dea66 ids.cgi: Add UI to enable scanning on IPsec 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:45:35 +00:00
Michael Tremer
4efa4c4b71 ids.cgi: Don't show the graph if there is no RRD data 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:44:42 +00:00
Michael Tremer
0c5a683b7e ids.cgi: Fix empty states of tables 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:44:34 +00:00
Michael Tremer
4721fac3c8 IPS: Ada a graph that shows the IPS throughput 
This graph is split into three parts. One shows bypassed packets, the
next one shows the actually scanned packets and lastly we show the total
throughput.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:44:12 +00:00
Michael Tremer
8b73307b15 suricata: Force Suricata to write a PID file again 
The PID file does not get written when Suricata is not being started in
daemon mode and therefore we need to pass it as a command line
parameter.

The initscript should not deal with the PID file when starting but needs
it to terminate the process and to check the process status.

The web UI can use the PID file again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:44:02 +00:00
Michael Tremer
2438c6c249 ids.cgi: Fix detection for the Suricata process 
We don't seem to have a PID file any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:35 +00:00
Michael Tremer
d3db046570 ids.cgi: Remove box from the top section 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:30 +00:00
Michael Tremer
d2f7d18e33 ids.cgi: Sort whitelist entries 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:23 +00:00
Michael Tremer
891702cad1 ids.cgi: Use new-style table for whitelist entries 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:18 +00:00
Michael Tremer
119cb83706 ids.cgi: Use new style tables for rulesets 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:11 +00:00
Michael Tremer
50f3e2a534 suricata: Fix broken spacing in the settings section 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:43:06 +00:00
Michael Tremer
1b7d1abdf0 suricata: Add option to scan WireGuard 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-09-24 08:42:59 +00:00
Michael Tremer
2682a1d17a ids.cgi: Use the PID file to find suricata 
The process changes it name to "Suricata-Main" which is why the previous
method did not work.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-08-07 14:16:43 +02:00
Michael Tremer
3fb09506ae ids.cgi: Use new services function 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-08-07 14:11:40 +02:00
Michael Tremer
9dd2a4635f IPS: Fix how we show EOL providers 
There is no need to add a legend as I find it confusing. The change that
people are using an EOL is rather slim and so I don't to waste space.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-03-26 15:23:08 +00:00
Stefan Schantl
ad0d064a48 ids.cgi: Improve add provider logic 
Do not longer add unsupported/removed providers as an option
when adding a new/first ruleset provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-03-22 15:30:22 +00:00
Stefan Schantl
cf6eaba833 ids.cgi: Adjust code for marking unsupported providers 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-03-22 15:18:41 +00:00
Stefan Schantl
df7977fde7 ids.cgi: Change check if a provider is not longer supported 
This check is now based on a download URL instead of checking if
an entry in the ruleset sources is present.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2024-03-22 15:18:41 +00:00
Stefan Schantl
1a9e81ce7f ids.cgi: Remove etag data when deleting a provider. 
Otherwise the same provider could not be added again at a later
time if the stored etag is still valid.

In this case the server will not offer the rules and the provider
could not be added.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-26 05:24:47 +02:00
Stefan Schantl
1febad2ad4 ids.cgi: Avoid doubble locking the page when forcing a ruleset update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-22 05:45:56 +02:00
Stefan Schantl
07dc722f61 ids.cgi: Make the page lock in oinkmaster_web() function optional. 
This allows to call and release the page lock manually.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-22 05:44:23 +02:00
Stefan Schantl
eaf5364413 ids.cgi: Disable manual update button if a provider is not longer 
supported.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-17 15:21:20 +02:00
Stefan Schantl
6bef05b9ed ids.cgi: Proper handle providers which are not longer supported. 
They will be shown with a different background colour to get the users
attention.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-17 15:03:56 +02:00
Stefan Schantl
da5c7c24f0 ids.cgi: Remove orphaned headline. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-16 16:02:28 +02:00
Stefan Schantl
5bad33e9a4 ids.cgi: Display return code on download error, when adding a new 
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-16 15:32:27 +02:00
Stefan Schantl
00271ed769 ids.cgi: Handle "Not modified" when forcing an ruleset update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-16 15:30:03 +02:00
Stefan Schantl
b645f7fc86 ids.cgi: Do not longer use hard-coded status messages in 
oinkmaster_web() function.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-16 15:12:58 +02:00
Stefan Schantl
a15c9b16b4 IDS: Move autoupdate logic to cron. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-15 05:59:33 +02:00
Stefan Schantl
2f154264a0 ids.cg: Regeneate ruleset if the ruleset action (mode) of a provider 
get changed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-14 05:16:25 +02:00
Stefan Schantl
149a3291df ids.cgi: Do not double display a working notice when removing a ruleset 
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-11 05:47:15 +02:00
Stefan Schantl
faa8c62f63 ids.cgi: Use new oinkmaster_web function instead the silent one from 
ids-functions.

This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-10 11:25:36 +02:00
Stefan Schantl
44d41fd692 ids.cgi: Add oinkmaster_web () function. 
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-10 11:23:49 +02:00
Stefan Schantl
1aaa347774 ids.cgi: Allow to split working_notice function into two parts. 
This allows to open the notice and close it at a later time.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-10 11:19:41 +02:00
Stefan Schantl
25652a75d4 ids.cgi: Keep IDS/IPS mode settings when enabling/disabling a provider 
or autoupdate for it.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-10 11:17:05 +02:00
Stefan Schantl
30c4a9ff35 ids.cgi: Adjust code to use new used-rulesfiles backend. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-04-09 15:00:21 +02:00
Stefan Schantl
fa7663a1b5 ids.cgi: Remove newly added provider if the rules could not be 
downloaded.

When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.

To avoid that, the provider needs to be removed again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 12:26:35 +01:00
Stefan Schantl
432b8ed21e ids.cgi: Drop last fragments from old modify sids backend. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:54:19 +01:00
Stefan Schantl
443ad51d1c ids.cgi: Allow to configure IDS/IPS mode individually for each provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:37:21 +01:00
Stefan Schantl
4c98be8bd2 ids.cgi: Use new provider modifications backend. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:37:02 +01:00
Stefan Schantl
9f353f8518 ids.cgi: Use new backend to store the ruleset modifications of a 
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:36:44 +01:00
Matthias Fischer
834227f2c8 ids.cgi: Added topic for ruleset actions 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-14 15:15:39 +00:00
Matthias Fischer
800290ce2a ids.cgi: Fixed trivial typos in comment 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-14 15:15:17 +00:00
Stefan Schantl
18f0991c35 ids.cgi: Only read-in ignored hosts, if the ignore file exists. 
Otherwise the CGI will crash.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:50:45 +00:00
Peter Müller
1b939d0ecc ids.cgi: Fix unmatched curly bracket and trailing whitespaces 
The former causes this CGI to crash with an HTTP error 500.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-01-29 17:07:34 +00:00
Stefan Schantl
0f1d0b9c3c ids.cgi: Use experimental smartmatch. 
This will prevent from spawning the http error log with warnings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
4d438241c3 ids.cgi: Do not expect a space after the msg tag has been closed while 
processing rules.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
14696ced7e ids.cgi: Always write used providers rulefiles file. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
258924ee79 ids.cgi: Add the provider handle if the forced update of a provider 
fails.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
969983eba4 ids.cgi: Add some more sanity checks when adding a new provider. 
* Check if the system is online.
* Check if enough free disk space is available.
* Abort whith an error message if the ruleset could not be
  downloaded.

In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
214f34ec4e ids.cgi: Use newly intruduced functions when removing a provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00