webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 21:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,185 Commits 2 Branches 1 Tag
00a031145e32d31a08037dda3c8a3cc7cc6c815e
Commit Graph

1837 Commits

Author SHA1 Message Date
Stefan Schantl
06b569a442 oinkmaster: Install config file to /var/ipfire/suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 13:48:46 +02:00
Stefan Schantl
d33874f496 daq: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:20:18 +02:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
914cca3d8e initscripts: Link against suricata initscript in runlevels and red.up hook 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:02:34 +02:00
Stefan Schantl
74b7d695c6 misc-progs: Rename snortctrl to suricatactrl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 09:50:31 +02:00
Stefan Schantl
d72b3e64c2 suricata: Introduce basic initscript 
Add a very basic initscript, which currently allows to start/stop/restart suricata and
check if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as much queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:54:22 +02:00
Stefan Schantl
1d9b879140 ids-ruleset-sources: New package 
Move the file which contains the download URL's for the IDS rulesets
into an own common package. This will allow us in future to easily ship
a changed file with a core update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:29:36 +02:00
Stefan Schantl
72b2109c72 configroot: Move from snort to suricata 
Create /var/ipfire/suricata and /var/ipfire/suricata/settings instead of
/var/ipfire/snort and /var/ipfire/snort/settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 15:47:31 +02:00
Stefan Schantl
4c6d6c1ee3 suricata: Install very basic config file 
This config file is mostly based on the example configuration shipped
by the suricata project and needs to be enhanched.

See #11808.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 09:10:25 +02:00
Stefan Schantl
a8b8c9e5b2 Merge branch 'next-new-ids.cgi' into next-suricata-and-cgi 2018-07-30 21:33:25 +02:00
Stefan Schantl
67752a9510 suricata: New package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-30 21:31:15 +02:00
Stefan Schantl
3498300d87 libhtp: New package 
This is build and runtime dependency for suricata.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-29 09:45:05 +02:00
Stefan Schantl
91cc908f84 yaml: New package 
This is a build and runtime dependency for suricata.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-29 09:44:52 +02:00
Stefan Schantl
8dcebe5342 IDS: Introduce ids-functions.pl. 
This library will contain a set of functions used by the IDS CGI script
and the planned update script for auto-updating the snort ruleset.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:54:25 +02:00
Stefan Schantl
c6bcdda1af snort: Introduce ruleset-sources.list 
This file contains the ruleset vendors and download urls and
will be used by the ids.cgi.

If an url or filename changes, we easily can adjust this file. In most
cases this will be needed when performing a snort update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-07-26 11:50:11 +02:00
Arne Fitzenreiter
413149f80d kernel: aarch64: enable virtio drivers 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-19 13:26:06 +01:00
Michael Tremer
0927eadc52 Rootfile update for aarch64 kernel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:13 +01:00
Michael Tremer
820e90db0f iptables: Ship all modules 
These have been all disabled with the last update of
the iptables package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-12 10:04:37 +01:00
Michael Tremer
7471256910 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-12 10:03:34 +01:00
Michael Tremer
1413006b5b aws: Create "setup" user to run setup 
Amazon does not permit that a user logs in as root directly.
Instead they insist on using sudo.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-10 18:40:06 +01:00
Michael Tremer
9aefd1ed07 usbutils: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-03 20:01:46 +01:00
Arne Fitzenreiter
716c4751e7 spice-protocol: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-03 16:03:37 +01:00
Arne Fitzenreiter
904ae7929a libgcrypt: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-03 16:01:35 +01:00
Arne Fitzenreiter
64252706ce Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2018-07-03 11:52:18 +01:00
Arne Fitzenreiter
1ac0d5c598 Merge branch 'aarch64' into next 
Conflicts:
	config/rootfiles/core/121/filelists/acpid
	config/rootfiles/core/121/filelists/apache2
	config/rootfiles/core/121/filelists/apr
	config/rootfiles/core/121/filelists/aprutil
	config/rootfiles/core/121/filelists/armv5tel/files
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-multi
	config/rootfiles/core/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/121/filelists/armv5tel/u-boot
	config/rootfiles/core/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/121/filelists/beep
	config/rootfiles/core/121/filelists/cmake
	config/rootfiles/core/121/filelists/crda
	config/rootfiles/core/121/filelists/dhcp
	config/rootfiles/core/121/filelists/flex
	config/rootfiles/core/121/filelists/i586/grub
	config/rootfiles/core/121/filelists/i586/intel-microcode
	config/rootfiles/core/121/filelists/i586/linux
	config/rootfiles/core/121/filelists/i586/linux-initrd
	config/rootfiles/core/121/filelists/iw
	config/rootfiles/core/121/filelists/jwhois
	config/rootfiles/core/121/filelists/libidn
	config/rootfiles/core/121/filelists/multipath-tools
	config/rootfiles/core/121/filelists/pcre
	config/rootfiles/core/121/filelists/tar
	config/rootfiles/core/121/filelists/unbound
	config/rootfiles/core/121/filelists/wget
	config/rootfiles/core/121/filelists/x86_64/grub
	config/rootfiles/core/121/filelists/x86_64/intel-microcode
	config/rootfiles/core/121/filelists/x86_64/linux
	config/rootfiles/core/121/filelists/x86_64/linux-initrd
	config/rootfiles/core/122/filelists/aarch64/files
	config/rootfiles/core/122/filelists/acpid
	config/rootfiles/core/122/filelists/apache2
	config/rootfiles/core/122/filelists/apr
	config/rootfiles/core/122/filelists/aprutil
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/122/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-multi
	config/rootfiles/core/122/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/122/filelists/armv5tel/u-boot
	config/rootfiles/core/122/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/122/filelists/beep
	config/rootfiles/core/122/filelists/cmake
	config/rootfiles/core/122/filelists/crda
	config/rootfiles/core/122/filelists/dhcp
	config/rootfiles/core/122/filelists/flex
	config/rootfiles/core/122/filelists/i586/grub
	config/rootfiles/core/122/filelists/i586/intel-microcode
	config/rootfiles/core/122/filelists/i586/linux
	config/rootfiles/core/122/filelists/i586/linux-initrd
	config/rootfiles/core/122/filelists/iw
	config/rootfiles/core/122/filelists/jwhois
	config/rootfiles/core/122/filelists/libidn
	config/rootfiles/core/122/filelists/multipath-tools
	config/rootfiles/core/122/filelists/pcre
	config/rootfiles/core/122/filelists/tar
	config/rootfiles/core/122/filelists/unbound
	config/rootfiles/core/122/filelists/wget
	config/rootfiles/core/122/filelists/x86_64/grub
	config/rootfiles/core/122/filelists/x86_64/intel-microcode
	config/rootfiles/core/122/filelists/x86_64/linux
	config/rootfiles/core/122/filelists/x86_64/linux-initrd
	config/rootfiles/core/123/filelists/unbound
	config/rootfiles/oldcore/121/filelists/acpid
	config/rootfiles/oldcore/121/filelists/apache2
	config/rootfiles/oldcore/121/filelists/apr
	config/rootfiles/oldcore/121/filelists/aprutil
	config/rootfiles/oldcore/121/filelists/armv5tel/files
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/oldcore/121/filelists/beep
	config/rootfiles/oldcore/121/filelists/cmake
	config/rootfiles/oldcore/121/filelists/crda
	config/rootfiles/oldcore/121/filelists/dhcp
	config/rootfiles/oldcore/121/filelists/flex
	config/rootfiles/oldcore/121/filelists/i586/grub
	config/rootfiles/oldcore/121/filelists/i586/intel-microcode
	config/rootfiles/oldcore/121/filelists/i586/linux
	config/rootfiles/oldcore/121/filelists/i586/linux-initrd
	config/rootfiles/oldcore/121/filelists/iw
	config/rootfiles/oldcore/121/filelists/jwhois
	config/rootfiles/oldcore/121/filelists/libidn
	config/rootfiles/oldcore/121/filelists/multipath-tools
	config/rootfiles/oldcore/121/filelists/pcre
	config/rootfiles/oldcore/121/filelists/tar
	config/rootfiles/oldcore/121/filelists/wget
	config/rootfiles/oldcore/121/filelists/x86_64/grub
	config/rootfiles/oldcore/121/filelists/x86_64/intel-microcode
	config/rootfiles/oldcore/121/filelists/x86_64/linux
	config/rootfiles/oldcore/121/filelists/x86_64/linux-initrd
	make.sh
 2018-07-03 11:52:05 +01:00
Michael Tremer
571cfa9718 multipath-tools: Update to 0.7.7 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-02 19:10:36 +01:00
Arne Fitzenreiter
cf7a7a874f Merge remote-tracking branch 'origin/master' into aarch64 2018-07-02 19:07:22 +01:00
Peter Müller
df5cc48dd6 update StrongSwan to 5.6.3 
This also takes advantage of changed crypto plugins (see first
patch) and updates the rootfile.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:36:11 +01:00
Peter Müller
0779907e1b libgcrypt: update to 1.8.3 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:36:09 +01:00
Matthias Fischer
79d32988c5 unbound: Update to 1.7.3 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:36:04 +01:00
Peter Müller
c6e5fcdf12 conntrack-tools: update to 1.4.5 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:35:54 +01:00
Peter Müller
eeab80f8dc libnetfilter_conntrack: update to 1.0.7 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:35:53 +01:00
Peter Müller
733fae2abe iptables: update to 1.6.2 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:35:52 +01:00
Michael Tremer
dc845b6c81 AWS: Hide certain things on the web UI 
Those are practically unusable on AWS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-01 12:15:00 +01:00
Michael Tremer
4e9000b4d8 nss-myhostname: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-30 19:51:38 +01:00
Arne Fitzenreiter
4838034131 random: update initskript for machines with low entropy 
the script wait until crng is correct initialized before restore the
random seed and make some disc io to work around low entropy at boot
on some machines. Not really a fix but it should be better than reverting
CVE-2018-1108 fixes from kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-28 20:48:58 +02:00
Michael Tremer
bd3bcb45d6 AWS: Import aws setup script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-25 10:55:39 +01:00
Michael Tremer
563c502163 dhcp: Ship dhclient 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-25 10:54:36 +01:00
Michael Tremer
1c21ebf8d5 Add initscript that automatically configures IPFire on AWS EC2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-21 16:45:40 +01:00
Arne Fitzenreiter
5b17da41c1 kernel: add config for aarch64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-21 06:20:35 +01:00
Arne Fitzenreiter
2bd9316d9d rpi-firmware: build for aarch64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-21 06:17:49 +01:00
Arne Fitzenreiter
963f6e973a u-boot: add config for aarch64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-21 06:12:59 +01:00
Erik Kapfer
7ea54fee01 ipset: Update to 6.38 
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-18 15:06:22 +01:00
Peter Müller
dec940e157 tzdata: update to 2018e 
Some lines in the rootfile were sort incorrectly, this has been fixed.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-17 18:20:08 +01:00
Peter Müller
c069312790 coreutils: update to 8.29 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-17 18:20:07 +01:00
Peter Müller
ba05c8af80 libgcrypt: update to 1.8.2 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-17 18:20:06 +01:00
Peter Müller
770b458766 attr: fix rootfile 
There was a man page missing in the attr rootfile.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-17 18:20:03 +01:00
Peter Müller
7a3772381f unbound: update to 1.7.2 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-17 18:19:56 +01:00
Matthias Fischer
5bb288a244 dhcp: Update to 4.4.1 
For details see:
https://kb.isc.org/article/AA-01571/82/DHCP-4.4.1-Release-Notes.html

This should close https://bugzilla.ipfire.org/show_bug.cgi?id=11697 and
https://bugzilla.ipfire.org/show_bug.cgi?id=11293.

This update required some changes as described in:
https://bugzilla.ipfire.org/show_bug.cgi?id=11697#c6

Thanks to all testers! ;-)

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-04 13:52:43 +01:00
Michael Tremer
d7ce23e5de aarch64: Fix rootfile for Python 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-04 12:15:26 +01:00