This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.
It also removes the configuration options in the web
user interface, since this is not configurable any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If one has an IPSec network named "aaa" and an OpenVPn Host with the same name
it was not possible to group them together because of the same name.
Now the Network type is also checked wich allows Entries with same name, but different networks.
Fixes: #11242
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I did the following:
- Rearranged the fields on 'guardian.cgi' a bit - in a (hopefully) logical manner,
so that they don't need so much room.
- Added some translation-strings and explanations to (revised) 'guardian.cgi'.
- Added missing language string(s), deleted obsolete.
- Deleted all guardian entries from standard language files in
'/var/ipfire/langs'-directory.
- Added (upgraded) addon-specific language files to '/var/ipfire/addon-lang'-directory.
I hope, I didn't forget something...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
We have only one english wiki, so the link to the list of public
dns servers can point directly to the right page.
(The link was also not correct).
Fixes: #11191
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When using dnat addresses, it is possible to use big subnets and host addresses like 172.16.0.0/12.
These addresses where rejected because it was recognised as network address.
The check is now removed.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
fixes: #11177
There are providers which do not use passwords anymore.
For this reason the password field is no longer mandatory.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The options for configuring the log file location and
snort alert priority level now dynamically will be
displayed or hidden if the desired options or feature
is not used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will allow to choose between DROP and REJECT if guardian blocks an
attackers address.
Fixes #10xxx.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Add support and usage of the recently introduced feature of
including other files in the ignore file to add
the red related IP-addresses to the ignore list on IPFire
systems.
Also use reload-ignore-list feature instead of reloading the
whole configuration on ignore list modifications.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is responsible for collecting all required data,
like the green, blue, orange (if the interfaces are available),
red, gateway and used DNS server IP-addresses.
It will add als these addresses and the configured and enabled
user-defined ignored addresses/networks to the ignore file of
guardian to prevent from blocking any of them.
Note:
The IPFire and RED inteface related addresses also will be added
to the ignore file, even if there is no user-defined entry in the
list.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The CGI now uses an own ignored configuration file for
storing host addresses and/or subnets which should be
ignored by guardian.
This allows to add remarks for them and to enable or disable
each entry individally at any time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rework the GetBlockedHosts() to use the "getipstat" binary
instead of the not longer available "guardianctrl" binary.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The guardianctrl binary does not longer exists, use
the Guardian::Socket module to send various commands
by using the provided socket client.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The config file format and values have been changed, so the
code to do the generation has to be adjusted.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rename the hash key names of enabled parser modules,
(services which should be monitored by guardian) to
keep the same name sheme than in the guardian config
file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When the owncloud addon is not installed, this value was not
initialized correctly.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
