webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-07 13:36:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,375 Commits 2 Branches 1 Tag
1cd27f38e6b9d617f167427eeb451d73e21c1352
Commit Graph

6086 Commits

Author SHA1 Message Date
Peter Müller
1cd27f38e6 lynis: update to 3.0.1 
Full changelog obtained from: https://cisofy.com/changelog/lynis/#301

- Detection of Alpine Linux
- Detection of CloudLinux
- Detection of Kali Linux
- Detection of Linux Mint
- Detection of macOS Big Sur (11.0)
- Detection of Pop!_OS
- Detection of PHP 7.4
- Malware detection tool: Microsoft Defender ATP
- New flag: --slow-warning to allow tests more time before showing a
warning
- Test TIME-3185 to check systemd-timesyncd synchronized time
- rsh host file permissions

- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash
versions
- BOOT-5122 - Presence check for grub.d added
- CRYP-7902 - Added support for certificates in DER format
- CRYP-7931 - Added data to report
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
- FILE-6430 - Don't grep nonexistant modprobe.d files
- FIRE-4535 - Set initial firewall state
- INSE-8312 - Corrected text on screen
- KRNL-5728 - Handle zipped kernel configuration correctly
- KRNL-5830 - Improved version detection for non-symlinked kernel
- MALW-3280 - Extended detection of BitDefender
- TIME-3104 - Find more time synchronization commands
- TIME-3182 - Corrected detection of time peers
- Fix: hostid generation routine would sometimes show too short IDs
- Fix: language detection
- Generic improvements for macOS
- German translation updated
- End-of-life database updated
- Several minor code enhancements

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:33:14 +00:00
Michael Tremer
7f235b5b01 core153: Ship location-block.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:32:29 +00:00
Michael Tremer
f717db9172 core153: Ship tzdata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:30:58 +00:00
Peter Müller
699c61109a tzdata: update to 2020d 
The pacificnew file has been dropped by IANA. Adding the "factory" file
makes sense to have a reasonable default in case the time zone is
unknown, which, however, should not happen in case of IPFire 2.x - just
trying to be consistent here.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:30:38 +00:00
Michael Tremer
3bd2e64eb2 core152: Ship file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:29:44 +00:00
Peter Müller
f55a00fea3 file: update to 5.39 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-05 23:29:18 +00:00
Michael Tremer
0f2d70a313 core153: Ship bash 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-03 10:39:08 +00:00
Michael Tremer
1b2ddfa449 core153: Ship hwdata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-11-03 10:37:56 +00:00
Michael Tremer
9c6fd77927 core153: Ship libarchive 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-30 16:29:39 +00:00
Michael Tremer
62efd2e9d2 libarchive: Ship on core system 
Some tools link against this

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-30 16:29:02 +00:00
Michael Tremer
7f5d63c9e6 core153: Ship usb_modeswitch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-30 15:20:33 +00:00
Ramax Lo
5cbc22ffa6 usb_modeswitch_data: update to 20191128 
Signed-off-by: Ramax Lo <ramaxlo@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-30 15:18:04 +00:00
Michael Tremer
9d29a52d7d core153: Ship NTP changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-30 15:11:05 +00:00
Michael Tremer
ae432a5f39 core153: Ship language files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-29 13:49:40 +00:00
Michael Tremer
af94be24fe core153: Ship logwatch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-28 11:55:48 +00:00
Michael Tremer
8a2105b284 core153: Ship updated index.cgi and vpnmain.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 18:38:35 +00:00
Peter Müller
3e19f681a1 drop SpamAssassin add-on 
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
    firewall for security purposes. (We can make do with Postfix, as it
    is known for being a very robust MTA and providess less attack
    surface than something actually inspecting transferred messages.)

Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 11:58:35 +00:00
Peter Müller
6483ec30b9 drop Amavis add-on 
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
    firewall for security purposes. (We can make do with Postfix, as it
    is known for being a very robust MTA and providess less attack
    surface than something actually inspecting transferred messages.)

Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 11:58:20 +00:00
Michael Tremer
c472a30f30 core153: Ship suricata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 11:52:48 +00:00
Stefan Schantl
0cdb151831 suricata: Update to 6.0.0. 
* Enable RDP and SIP parsers.
* Enable new introduced parsers for RFB and DCERPC.

Because HTTP2 support and parser currently is experimental the suricata
developers decided to disable it at default - we keep this default
setting for now.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 11:50:56 +00:00
Michael Tremer
150378eae9 Start Core Update 153 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-27 11:50:10 +00:00
Michael Tremer
d4afeb5250 core152: Ship CA certificates 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-23 15:52:18 +00:00
Michael Tremer
449b1aeea7 core152: Ship proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-19 09:26:17 +00:00
Michael Tremer
7ad39d931a core152: Ship suricata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-15 15:35:13 +00:00
Michael Tremer
488f36e446 core152: Ship libhtp 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-15 15:34:25 +00:00
Michael Tremer
43e1c88ea4 core152: Ship yaml 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-15 15:33:59 +00:00
Stefan Schantl
d95cc821e7 yaml: Update to 0.2.5 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-15 15:33:44 +00:00
Michael Tremer
cbd0df20ed Merge branch 'master' into next 2020-10-14 10:35:41 +00:00
Michael Tremer
c69c820025 firewall: Filter only on RED and exclude any private address space 
Since libloc is built as a tree we cannot simply exclude any address
space in the middle of it. Therefore we create some firewall rules
which simply avoid checking non-globally routable address space.

Fixes: #12499
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-14 11:32:05 +01:00
Michael Tremer
64c8811dee samba: Update rootfiles 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-14 09:53:30 +00:00
Michael Tremer
7dea42ae84 samba: Drop PDC default configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:17 +01:00
Michael Tremer
be1554336d samba: Export all printers from CUPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
97722ab69d samba: Remove printer management 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
a88ea3463c samba: Remove help popup 
This is outdated and should be put into the wiki.

It is also some very ugly JS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
5aa5f6777a samba: Remove reset options 
This only requires that we have to change multiple files with
the same settings.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
13e455aec7 samba: Log to syslog 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
971f93ab12 Merge remote-tracking branch 'origin/master' into next 2020-10-12 20:21:09 +00:00
Michael Tremer
a836a2787c core151: Remove multiple calls of rm 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 20:07:30 +00:00
Matthias Fischer
decb7e61f1 update.sh: Delete obsolete files from Net-DNS 1.25 
Fixes Bug #12491

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 20:06:42 +00:00
Michael Tremer
79131c6e47 firewall hits graph: Fix order of values 
The fields were mixed up and therefore graph showed incorrect
values.

Fixes: #12496
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:27:15 +00:00
Matthias Fischer
add03100a5 nano: Update to 5.3 
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:42 +00:00
Michael Tremer
63d55ec0c9 core152: Ship knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:27 +00:00
Michael Tremer
b98d3a7e10 core152: Ship unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:06:22 +00:00
Matthias Fischer
14f02911df unbound: Update to 1.12.0 
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-October/006979.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:04:28 +00:00
Michael Tremer
e0aad107b5 Merge branch 'master' into next 2020-10-10 11:49:07 +00:00
Michael Tremer
a9f69cbf01 core151: Apply local SSH configuration 
Fixes: #12494
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:48:26 +00:00
Michael Tremer
5e4f76bb71 core151: Ship /etc/os-release 
Fixes: #12495
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:43:44 +00:00
Jonatan Schlag
bd78dec95b Borgbackup: Ship testsuite also for i586 and armv5tel 
Fixes: #12438

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:42:09 +00:00
Michael Tremer
d5808f3095 core152: Fix typo in rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 14:27:29 +00:00
Michael Tremer
b67f02d512 /var/ipfire/ethernet/settings: Drop BROADCAST variable 
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.

However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.

Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 11:46:46 +00:00