webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 18:03:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,525 Commits 2 Branches 1 Tag
15ca18a3d9efbe8879e8b22f1f72eaeb596ca2f9
Commit Graph

1106 Commits

Author SHA1 Message Date
Stefan Schantl
f5ad510e3c suricata: Use "2" as repeat-mark and repeat-mask. 
The previous used "1" was already used to mark source-natted
packets.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-17 15:04:48 +01:00
Michael Tremer
81e1e80e38 AWS: Prefer red* or eth* when importing configuration 
This change is necessary to make sure that the script prefers
are link with internet access. That would usually be red (after
the second boot) or eth* (on the first boot).

That allows (and ensures) that we can install packages in
the user-data script.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-12 11:36:44 +00:00
Stefan Schantl
a13ddf04d9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-12 09:27:59 +01:00
Arne Fitzenreiter
23a3aec100 cpufrequtils: update initskript for xz compressed modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-07 21:05:50 +01:00
Arne Fitzenreiter
56726ed954 rngd: update initskript and add hwrngtty support 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-06 22:33:05 +01:00
Michael Tremer
93363446e4 AWS: Add a timestamp to user-data.log 
This way, multiple (failed) runs of the script won't
overwrite the log file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-05 14:42:54 +00:00
Michael Tremer
1022b203ad AWS: Write user-data.log to /var/log 
This should not be in /root at all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-05 14:38:28 +00:00
Michael Tremer
a4e3a76af9 bird: Add initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-01 16:13:25 +00:00
Michael Tremer
6dc7b04bea shairport-sync: Add initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-11-11 18:55:35 +00:00
Michael Tremer
95c60d31aa udev: Do not try to change kernel hotplug handler any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-11-07 20:27:35 +00:00
Michael Tremer
e300a3d138 udev: Do no try to install any device nodes any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-11-07 20:26:34 +00:00
Michael Tremer
c19d29f701 Revert "haproxy: Make /dev/log available in chroot" 
This reverts commit 699f0aa710.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-11-07 20:07:53 +00:00
Michael Tremer
9f60aa9679 syslog: Listen to network and block access from anywhere but localhost 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-11-07 20:07:53 +00:00
Michael Tremer
ed1349aa76 Merge remote-tracking branch 'ms/frr' into next 2018-10-31 09:31:38 +00:00
Michael Tremer
e1def10e29 frr: Set configuration file permissions correctly 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-30 17:32:48 +00:00
Michael Tremer
ebd6fe2b50 frr: Add initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-30 17:27:28 +00:00
Michael Tremer
aeefbca730 clamav: Move database directory to /var partition 
The clamav database is quite large and occupies valuable
space on the root partition that on older systems is only
2GB large. This change moves the virus definition database
to the /var partition which is larger and supposed to hold
data like this anyway.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-29 11:25:24 +00:00
Michael Tremer
699f0aa710 haproxy: Make /dev/log available in chroot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-10-22 21:40:56 +02:00
Stefan Schantl
2d475a3c6c Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2018-09-26 14:49:34 +02:00
Michael Tremer
b8fdc7398c static-routes: Make it clear that we are reloading routes 
When RED is brought down, we will reload all static routes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-09-13 15:03:59 +01:00
Michael Tremer
3da2a66193 aws: Don't update the system on first boot 
This will violate AWS policy and therefore had to be removed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-31 11:08:53 +01:00
Stefan Schantl
5f63067385 suricata: Fix initscript when using a single core machine 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 10:04:33 +02:00
Michael Tremer
95b87f39ac localnet: Set FQDN without using domainname command 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-23 10:18:59 +01:00
Stefan Schantl
cb52183c6a Fix merge conflicts during merge of next and the suricata branch 2018-08-23 10:34:17 +02:00
Michael Tremer
84cd9b9162 Drop the network-trigger script 
This is done at boot time and doesn't normally need to be done again.

On AWS or in the setup, renaming any network interfaces is being
handled automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:05:43 +01:00
Michael Tremer
f3d59d2c94 firstsetup: There is no need to restart udev here 
All network interfaces are renamed accordingly in setup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:02:43 +01:00
Michael Tremer
c5465a9453 aws: Let udev rename all network interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:00:39 +01:00
Stefan Schantl
55658ee381 suricata: Fix detection of enabled IDS on zone in initscript 
I accidently commited the wrong file in the previous commit.
This is the fixed and working version.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-17 08:45:47 +02:00
Stefan Schantl
00a031145e suricata: Give 644 permissions to the suricata pidfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-17 08:24:19 +02:00
Stefan Schantl
3c2c54831f suricata: Add code to create iptables rules to the initscript 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-16 18:51:13 +02:00
Stefan Schantl
7c82ee6165 firewall: Add chains for IPS (suricata) 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-16 18:50:39 +02:00
Michael Tremer
046ef135e6 Merge remote-tracking branch 'origin/efi' into next 2018-08-16 12:49:13 +01:00
Michael Tremer
242cfc3395 localnet: Properly format and quote variables 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-16 12:42:25 +01:00
Michael Tremer
5b9f387d59 localnet: Correctly set domain name 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-16 12:41:52 +01:00
Michael Tremer
96422f85b6 aws: Hide pakfire update output 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
40436fa149 aws: Write user-data log to file only 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
281d75c945 aws: Execute reboot when an update requires one 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
3eeff87fe6 Fix typo in unbound initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
9ae73c3090 aws: Set PATH to search in /usr/local/(s)bin 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
6cf586436b aws: Import pakfire keys before the first launch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
bd7d957fae aws: Log output of user-data script to /root/user-data.log 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
0ed9b77099 aws: Install all available updates first 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 10:11:08 +01:00
Michael Tremer
647ca912a2 aws: Setup DNS during init phase 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 10:10:13 +01:00
Michael Tremer
8defa50e73 aws: Execute user-data script while we have networking up 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-13 12:14:49 +01:00
Stefan Schantl
6187da5055 IDS: Add reload option to initscript 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-11 22:28:07 +02:00
Michael Tremer
467581b8ab avahi: Update to 0.7 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-10 11:19:25 +01:00
Arne Fitzenreiter
79bcc6f769 collectd: fix cpufreq plugin enable 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-03 16:13:12 +02:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
d72b3e64c2 suricata: Introduce basic initscript 
Add a very basic initscript, which currently allows to start/stop/restart suricata and
check if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as much queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:54:22 +02:00
Michael Tremer
0cf70cae66 aws: Disable SSH password authentication by default 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-30 16:54:50 +01:00