webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,185 Commits 2 Branches 1 Tag
00a031145e32d31a08037dda3c8a3cc7cc6c815e
Commit Graph

6007 Commits

Author SHA1 Message Date
Stefan Schantl
04b5c77a45 ruleset-sources: Move to suricata optimized ruleset when using emerginthreads. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-17 07:36:54 +02:00
Stefan Schantl
cc60d3dfd3 suricata: Fix include of used rulefiles yaml 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-12 18:40:31 +02:00
Stefan Schantl
4230305558 suricata: Use HOME_NET declaration from external file 
Use the gernerated HOME_NET details from
/var/ipfire/suricata/suricata-homenet.yaml which will be
generated by the WUI.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-12 07:05:24 +02:00
Stefan Schantl
5240a80987 ids-functions.pl: Add function to call suricatactrl binary 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-11 22:10:29 +02:00
Stefan Schantl
796eea2154 ids-functions.pl: Add function to check if the IDS is running 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-05 14:23:45 +02:00
Stefan Schantl
1cae702c22 ids-functions.pl: Add function to get the available network zones 
The get_available_network_zones() function uses the /var/ipfire/ethernet/settings
file and translates the configured mode into an array, which contains the names
of the configured network zones.

The array will be returned and easily can be used to loop over this list of
available network zones and perform any kind of actions in other scripts.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-05 10:33:46 +02:00
Stefan Schantl
06b569a442 oinkmaster: Install config file to /var/ipfire/suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 13:48:46 +02:00
Stefan Schantl
d33874f496 daq: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:20:18 +02:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
914cca3d8e initscripts: Link against suricata initscript in runlevels and red.up hook 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:02:34 +02:00
Stefan Schantl
74b7d695c6 misc-progs: Rename snortctrl to suricatactrl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 09:50:31 +02:00
Stefan Schantl
d72b3e64c2 suricata: Introduce basic initscript 
Add a very basic initscript, which currently allows to start/stop/restart suricata and
check if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as much queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:54:22 +02:00
Stefan Schantl
101d3ece24 ids-ruleset-sources: Update download URL for snort rules 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:33:37 +02:00
Stefan Schantl
bce84f3975 ids-functions.pl: Rename ruleset-sources.list to ruleset-sources 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:31:52 +02:00
Stefan Schantl
1d9b879140 ids-ruleset-sources: New package 
Move the file which contains the download URL's for the IDS rulesets
into an own common package. This will allow us in future to easily ship
a changed file with a core update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:29:36 +02:00
Stefan Schantl
72b2109c72 configroot: Move from snort to suricata 
Create /var/ipfire/suricata and /var/ipfire/suricata/settings instead of
/var/ipfire/snort and /var/ipfire/snort/settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 15:47:31 +02:00
Stefan Schantl
4c6d6c1ee3 suricata: Install very basic config file 
This config file is mostly based on the example configuration shipped
by the suricata project and needs to be enhanched.

See #11808.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 09:10:25 +02:00
Stefan Schantl
164eab6627 ids-functions.pl: Move path details from snort to suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-30 21:36:07 +02:00
Stefan Schantl
a8b8c9e5b2 Merge branch 'next-new-ids.cgi' into next-suricata-and-cgi 2018-07-30 21:33:25 +02:00
Stefan Schantl
67752a9510 suricata: New package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-30 21:31:15 +02:00
Stefan Schantl
3498300d87 libhtp: New package 
This is build and runtime dependency for suricata.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-29 09:45:05 +02:00
Stefan Schantl
91cc908f84 yaml: New package 
This is a build and runtime dependency for suricata.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-29 09:44:52 +02:00
Stefan Schantl
434001d0a0 IDS: Rework error and log handling in ids-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-28 16:34:50 +02:00
Stefan Schantl
02844177af IDS: Introduce settingsdir variable 
The $settingsdir variable is declared in the ids-functions.pl and used to to
store the path where the various files which contains the settings for the IDS and
oinkmaster is located.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-27 07:58:23 +02:00
Stefan Schantl
298ef5bafa IDS: Move rulepath declaration to ids-functions.pl 
This will help if the path ever changed. Also remove hard coded rulepath
from oinkmaster call.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 15:56:47 +02:00
Stefan Schantl
eb5592c1ce ids-functions.pl: Also log errors to syslog 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:59:15 +02:00
Stefan Schantl
0e40e1e772 ids-functions.pl: Use pure perl to log oinkmaster result to syslog 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:58:54 +02:00
Stefan Schantl
7791079275 ids-functions.pl: Make variables globally accessible 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:58:39 +02:00
Stefan Schantl
3983aebdec ids.cgi: Rework CGI logic to download a new ruleset 
* Drop function to show a notice about snort is working.
* Introduce the log_error function which is responsible for log any
  error messages. Currently it writes it to a tempory file, which will
  be read by the WUI, the message will be displayed and the temporary file
  will be released again.
* Introduce a tiny function to easily perform a reload of the generated
  webpage.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:58:01 +02:00
Stefan Schantl
25f5cb0d4b ids.cgi: Move function to call oinkmaster to ids-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:56:45 +02:00
Stefan Schantl
eea2670b39 ids.cgi: Move downloader code to ids-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:56:28 +02:00
Stefan Schantl
8dcebe5342 IDS: Introduce ids-functions.pl. 
This library will contain a set of functions used by the IDS CGI script
and the planned update script for auto-updating the snort ruleset.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:54:25 +02:00
Stefan Schantl
c6bcdda1af snort: Introduce ruleset-sources.list 
This file contains the ruleset vendors and download urls and
will be used by the ids.cgi.

If an url or filename changes, we easily can adjust this file. In most
cases this will be needed when performing a snort update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:50:11 +02:00
Stefan Schantl
9f5247f60c general-functions.pl: readhash() Add code to handle optional comments in files 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:49:56 +02:00
Stefan Schantl
ca745a2978 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2018-07-21 14:14:53 +02:00
Stefan Schantl
b5ea63f85c Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2018-07-19 18:10:23 +02:00
Arne Fitzenreiter
413149f80d kernel: aarch64: enable virtio drivers 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-19 13:26:06 +01:00
Arne Fitzenreiter
0487a49fec u-boot: boot aarch64 kernel without -multi extension 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-19 09:29:44 +01:00
Michael Tremer
0927eadc52 Rootfile update for aarch64 kernel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:13 +01:00
Michael Tremer
68a36e26b1 aarch64: Remove -multi suffix from kernel 
This gets in the way for authoring the CD and we will
never have any other kernels but the main one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-12 14:03:03 +01:00
Michael Tremer
820e90db0f iptables: Ship all modules 
These have been all disabled with the last update of
the iptables package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-12 10:04:37 +01:00
Michael Tremer
7471256910 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-12 10:03:34 +01:00
Michael Tremer
1413006b5b aws: Create "setup" user to run setup 
Amazon does not permit that a user logs in as root directly.
Instead they insist on using sudo.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-10 18:40:06 +01:00
Stefan Schantl
fb22c9ffd9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2018-07-08 08:34:37 +02:00
Michael Tremer
9aefd1ed07 usbutils: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-03 20:01:46 +01:00
Arne Fitzenreiter
716c4751e7 spice-protocol: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-03 16:03:37 +01:00
Arne Fitzenreiter
904ae7929a libgcrypt: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-03 16:01:35 +01:00
Arne Fitzenreiter
37458540bf collect: fix cpufreq graph on some machines. 
the file cpuinfo_cur_freq does not exist on all systems that support collect
cpufreq data.

fixes #11739
 2018-07-03 15:09:40 +02:00
Arne Fitzenreiter
64252706ce Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2018-07-03 11:52:18 +01:00
Arne Fitzenreiter
1ac0d5c598 Merge branch 'aarch64' into next 
Conflicts:
	config/rootfiles/core/121/filelists/acpid
	config/rootfiles/core/121/filelists/apache2
	config/rootfiles/core/121/filelists/apr
	config/rootfiles/core/121/filelists/aprutil
	config/rootfiles/core/121/filelists/armv5tel/files
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-multi
	config/rootfiles/core/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/121/filelists/armv5tel/u-boot
	config/rootfiles/core/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/121/filelists/beep
	config/rootfiles/core/121/filelists/cmake
	config/rootfiles/core/121/filelists/crda
	config/rootfiles/core/121/filelists/dhcp
	config/rootfiles/core/121/filelists/flex
	config/rootfiles/core/121/filelists/i586/grub
	config/rootfiles/core/121/filelists/i586/intel-microcode
	config/rootfiles/core/121/filelists/i586/linux
	config/rootfiles/core/121/filelists/i586/linux-initrd
	config/rootfiles/core/121/filelists/iw
	config/rootfiles/core/121/filelists/jwhois
	config/rootfiles/core/121/filelists/libidn
	config/rootfiles/core/121/filelists/multipath-tools
	config/rootfiles/core/121/filelists/pcre
	config/rootfiles/core/121/filelists/tar
	config/rootfiles/core/121/filelists/unbound
	config/rootfiles/core/121/filelists/wget
	config/rootfiles/core/121/filelists/x86_64/grub
	config/rootfiles/core/121/filelists/x86_64/intel-microcode
	config/rootfiles/core/121/filelists/x86_64/linux
	config/rootfiles/core/121/filelists/x86_64/linux-initrd
	config/rootfiles/core/122/filelists/aarch64/files
	config/rootfiles/core/122/filelists/acpid
	config/rootfiles/core/122/filelists/apache2
	config/rootfiles/core/122/filelists/apr
	config/rootfiles/core/122/filelists/aprutil
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/122/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-multi
	config/rootfiles/core/122/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/122/filelists/armv5tel/u-boot
	config/rootfiles/core/122/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/122/filelists/beep
	config/rootfiles/core/122/filelists/cmake
	config/rootfiles/core/122/filelists/crda
	config/rootfiles/core/122/filelists/dhcp
	config/rootfiles/core/122/filelists/flex
	config/rootfiles/core/122/filelists/i586/grub
	config/rootfiles/core/122/filelists/i586/intel-microcode
	config/rootfiles/core/122/filelists/i586/linux
	config/rootfiles/core/122/filelists/i586/linux-initrd
	config/rootfiles/core/122/filelists/iw
	config/rootfiles/core/122/filelists/jwhois
	config/rootfiles/core/122/filelists/libidn
	config/rootfiles/core/122/filelists/multipath-tools
	config/rootfiles/core/122/filelists/pcre
	config/rootfiles/core/122/filelists/tar
	config/rootfiles/core/122/filelists/unbound
	config/rootfiles/core/122/filelists/wget
	config/rootfiles/core/122/filelists/x86_64/grub
	config/rootfiles/core/122/filelists/x86_64/intel-microcode
	config/rootfiles/core/122/filelists/x86_64/linux
	config/rootfiles/core/122/filelists/x86_64/linux-initrd
	config/rootfiles/core/123/filelists/unbound
	config/rootfiles/oldcore/121/filelists/acpid
	config/rootfiles/oldcore/121/filelists/apache2
	config/rootfiles/oldcore/121/filelists/apr
	config/rootfiles/oldcore/121/filelists/aprutil
	config/rootfiles/oldcore/121/filelists/armv5tel/files
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/oldcore/121/filelists/beep
	config/rootfiles/oldcore/121/filelists/cmake
	config/rootfiles/oldcore/121/filelists/crda
	config/rootfiles/oldcore/121/filelists/dhcp
	config/rootfiles/oldcore/121/filelists/flex
	config/rootfiles/oldcore/121/filelists/i586/grub
	config/rootfiles/oldcore/121/filelists/i586/intel-microcode
	config/rootfiles/oldcore/121/filelists/i586/linux
	config/rootfiles/oldcore/121/filelists/i586/linux-initrd
	config/rootfiles/oldcore/121/filelists/iw
	config/rootfiles/oldcore/121/filelists/jwhois
	config/rootfiles/oldcore/121/filelists/libidn
	config/rootfiles/oldcore/121/filelists/multipath-tools
	config/rootfiles/oldcore/121/filelists/pcre
	config/rootfiles/oldcore/121/filelists/tar
	config/rootfiles/oldcore/121/filelists/wget
	config/rootfiles/oldcore/121/filelists/x86_64/grub
	config/rootfiles/oldcore/121/filelists/x86_64/intel-microcode
	config/rootfiles/oldcore/121/filelists/x86_64/linux
	config/rootfiles/oldcore/121/filelists/x86_64/linux-initrd
	make.sh
 2018-07-03 11:52:05 +01:00