webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,445 Commits 2 Branches 1 Tag
00a083aaf2003ef8f970a9c69ccf0e8020391176
Commit Graph

14445 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
00a083aaf2 Backup: Add suricata rules-settings file. 
This file contains the configured ruleset and oinkcode settings and
therefore needs to be backuped and restored.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-05 07:33:45 +00:00
Arne Fitzenreiter
2f8a33e182 suricata: increase dns flood trigger 
on slow lines unbound trigger the floodprotection at init.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-02 16:31:18 +00:00
Arne Fitzenreiter
702b59cd02 paks: fix meta size entry 
remove the doublequotes around the size because pakfire not
accept this.

fixes: #12348

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-02 16:28:39 +00:00
Arne Fitzenreiter
0b0a3634cd core143: stop/start updated services 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:59:42 +00:00
Arne Fitzenreiter
55f4de214f core143: add suricata.yaml 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:50:47 +00:00
Peter Müller
8bf1c9f65d OpenSSL: update to 1.1.1f 
Fixes #12345 (yes, that's the real bug ID :-) )

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:46:55 +00:00
Stefan Schantl
d383248063 Suricata: Add port 81 (UpdateAccelerator) to group of HTTP ports. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:46:27 +00:00
Arne Fitzenreiter
006b79aaa9 core143: add ids.cgi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:42:55 +00:00
Stefan Schantl
af8e5145fa ids.cgi: Restart suricata if necessary when altering the ruleset. 
Suricata does support re-reading it's configuration files and therfore
we need to restart it, if one or more ruleset files should be loaded or
not loaded anymore.

If simple some rules inside the same files are activated or deactivated
we are still fine to call the reload method to send suricata the signal
to reload its ruleset.

Fixes #12340.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:41:51 +00:00
Michael Tremer
2ff56df4e0 strongswan: Build sha3 plugin 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:40:39 +00:00
Michael Tremer
dce34b2dcb strongswan: Update to 5.8.4 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-04-01 14:40:02 +00:00
Arne Fitzenreiter
3c90dd92a5 core143: add dma, mail.cgi and vpnmain.cgi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 19:13:08 +00:00
Michael Tremer
0c466599d0 amazon-ssm-agent: Allow to overcommit memory 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:28:40 +00:00
Michael Tremer
229a6dffd7 amazon-ssm-agent: Update to 2.3.930.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:28:38 +00:00
Arne Fitzenreiter
81ebfac70d vpnmain.cgi: fix string 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:25:08 +00:00
Michael Tremer
610108ffbd Fix accidentially reverted IKE lifetime limit to 24 hours 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:21:25 +00:00
Arne Fitzenreiter
37533b0dea core143: apply changed sysctl settings 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:09:34 +00:00
Peter Müller
29a8992b72 sysctl.conf: Turn on hard- and symlink protection 
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 17:07:26 +00:00
Peter Müller
6075720c48 update language files for mail.cgi changes 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:49:22 +00:00
Peter Müller
d07286de46 mail.cgi: add support for implicit TLS usage 
The second version of this patchset fixes reading empty configuration
files and superseds the first version (duh!).

Fixes #12161

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Tested-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:45:11 +00:00
Peter Müller
59b2a70f7a dma: update to 0.12 
All of the dma patches in src/patches/ were merged into its upstream
repository by now, thus becoming obsolete and deleted by this patch.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:44:35 +00:00
Arne Fitzenreiter
2d599cca34 core143: add oinkmaster.conf 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:43:50 +00:00
Stefan Schantl
1d84b352df oinkmaster: Do not skip threshold.conf 
Fixes #12096.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:41:25 +00:00
Arne Fitzenreiter
2480c416d6 core143: set user of /var/spool/cron to cron 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:39:06 +00:00
Michael Tremer
e4a0b55881 fcron: Fix reloading crontab 
fcrontab -z fails on a freshly installed system since
/var/spool/cron is now owned by cron:cron and a temporary
file cannot be created.

This will have to be manually changed in the updater by
calling:

  chown cron:cron /var/spool/cron

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:37:38 +00:00
Peter Müller
8f4ed62fa8 spectre-meltdown-checker: update to 0.43 
Please refer to https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.43
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:33:57 +00:00
Erik Kapfer
fa4dbe2745 OpenVPN: Delete RRD dir if connection is deleted 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-30 16:29:57 +00:00
Arne Fitzenreiter
5192ceae53 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2020-03-29 06:35:21 +00:00
Arne Fitzenreiter
54e6ded417 smartmontools: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-29 06:34:18 +00:00
Matthias Fischer
454c77d4c4 bind: Update to 9.11.17 
For details see:
https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html

"Notes for BIND 9.11.17

Feature Changes

The configure option --with-libxml2 now uses pkg-config to detect
libxml2 library availability. You will either have to install pkg-config
or specify the exact path where libxml2 has been installed on your
system. [GL #1635]

Bug Fixes

Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-28 18:38:24 +00:00
Arne Fitzenreiter
41ac6f547e Revert "core143: add dhcp" 
This reverts commit 804deb1b23.
 2020-03-28 09:42:20 +01:00
Arne Fitzenreiter
1b8a5da550 Revert "dhcp: Update to 4.4.2" 
dhcp 4.4.2 internally includes bind 9.11.14
this version not work on arm 32bit.

This reverts commit 417fd66045.
 2020-03-28 09:40:21 +01:00
Arne Fitzenreiter
0b1f09d581 core143: update local openssh config 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 18:26:07 +00:00
Arne Fitzenreiter
9db0d4db5f core143: add backup.pl 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 18:03:19 +00:00
Arne Fitzenreiter
5562f26f69 vnstat: remove wrong tag file 
fixes #12305

I had created this tag file to ship the folder but vnstat doesn't like empty files.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:56:23 +00:00
Markus Untersee
d2738c4c3c vnstat: Add restart command. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:51:28 +00:00
Stefan Schantl
7ad653cc09 ovpnmain.cgi: Validate CCDNet name when renaming it. 
Fixes #12282

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:51:04 +00:00
Arne Fitzenreiter
5c1c9938eb core143: add firewall initskript 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:50:26 +00:00
Peter Müller
5dba838282 avoid emitting VPN traffic to the internet if the IPS crashed 
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
OpenVPN) destinations was emitted to the internet (ppp0 or red0
interface) directly if the IPS was enabled but crashed during operation.

This patch places the IPSECBLOCK and OVPNBLOCK chains before the
ones responsible for forwarding traffic into the IPS.

Thanks to Michael for his debugging effort.

Partially fixes #12257

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:49:43 +00:00
Arne Fitzenreiter
5d957b01c9 core143: add libtool 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:48:18 +00:00
Matthias Fischer
ff3c71fb48 libtool: Update 2.4.6 
For details see:
https://savannah.gnu.org/forum/forum.php?forum_id=8210

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:46:59 +00:00
Arne Fitzenreiter
804deb1b23 core143: add dhcp 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:46:05 +00:00
Matthias Fischer
417fd66045 dhcp: Update to 4.4.2 
For details see:
https://downloads.isc.org/isc/dhcp/4.4.2/dhcp-4.4.2-RELNOTES

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:45:10 +00:00
Arne Fitzenreiter
0167befa0a core143: add logwatch 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:44:08 +00:00
Matthias Fischer
cd9fc42d96 logwatch: Update to 7.5.3 
For details see:
https://sourceforge.net/p/logwatch/activity/?page=0&limit=100#5e27da933241d23c845e8cce

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:43:18 +00:00
Arne Fitzenreiter
67345f5665 core143: add openssh 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:41:57 +00:00
Peter Müller
0017b688e8 ssh_config: Do not set defaults explicitly 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:40:52 +00:00
Peter Müller
57302eeb16 sshd_config: Do not set defaults explicitly 
In order to keep configurations as small as possible and to make them
easier to read/audit, this patch omits all default configuration in the
OpenSSH server configuration file.

Further, it mentions where to refer for the full documentation.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:40:50 +00:00
Peter Müller
3fd3f4de44 OpenSSH: update to 8.2p1 
Please refer to https://www.openssh.com/txt/release-8.2 for release
announcements. Since glibc < 2.31 is used, no additional patching was
required in order to restore correct login functionality.

Cc: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:40:06 +00:00
Arne Fitzenreiter
a48d35f3ff smartmontools: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-26 17:38:32 +00:00