webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 04:05:53 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,276 Commits 2 Branches 1 Tag
37a83c83cdff0fc652189792d73ee12dad10edcd
Commit Graph

6607 Commits

Author SHA1 Message Date
Michael Tremer
fabe150953 core132: Ship updated suricata initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:56:07 +01:00
Michael Tremer
a1cd844f71 core132: Ship updated convert-snort script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:55:22 +01:00
Stefan Schantl
25d424387e convert-snort: Fix ownership of the generated homenet file. 
Fixes #12059.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:54:54 +01:00
Alexander Koch
6088176639 core132: Bugfix for typo in filelist 
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:53:36 +01:00
Michael Tremer
5061292091 suricata: EXTERNAL_NET should equal any 
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:45:42 +01:00
Michael Tremer
f27bac491a core132: Ship updated list of mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:20:14 +01:00
Alexander Koch
68d7ae338e apache / WPAD: Add correct MIME type for wpad.dat and proxy.pac 
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.

See: http://findproxyforurl.com/deploying-wpad/

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:19:43 +01:00
Michael Tremer
2dd5e64592 suricata: Do not always convert rules to be bi-directional 
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:18:07 +01:00
Michael Tremer
e967871e8f Update contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:21:46 +01:00
Michael Tremer
08caa596fa core132: Ship WPAD/proxy changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:20:06 +01:00
Jonatan Schlag
43c3a386d1 Add new package libseccomp 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:12:50 +01:00
Michael Tremer
75faf7ac4f core132: Ship changed suricata configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:10:47 +01:00
Stefan Schantl
6e7c8a3303 suricata: Disable stats.log 
This log is mainly needed for debugging the IPS. It writes some stats
every couple of seconds and will create some load on SD cards and other
cheap storage that we do not need.

Fixes #12056.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:09:21 +01:00
Michael Tremer
7af7ced6fc Start Core Update 132 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:07:43 +01:00
Michael Tremer
64aed99df6 suricata: Change runmode to workers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-17 19:15:29 +01:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Michael Tremer
26dc79a6fe suricata: Do not let oinkmaster be too verbose 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-17 21:24:25 +01:00
Michael Tremer
e96adc7797 suricata: Redirect oinkmaster output to perl function 
The output was written to stderr before and landed in apache's
error log where we do not want it.

Fixes: #12004
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-17 20:59:55 +01:00
Arne Fitzenreiter
e91c83490b wireless-regdb: update to 2019.03.01 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-16 18:05:18 +02:00
Michael Tremer
fea27a56f7 haproxy: Backup certificates, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-16 13:23:17 +01:00
Michael Tremer
175f5c060e backup: Allow passing name of tarball for creation/restore 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-16 13:22:10 +01:00
Michael Tremer
820b290982 Move IPS to a higher position in the Firewall menu 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 23:32:57 +01:00
Michael Tremer
e8b389e0f0 core131: Ship PTR changes in hosts.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 23:02:57 +01:00
Michael Tremer
32e7b93c28 udev: Rename interfaces when MACs are uppercase 
The script relied on the configuration being in lowercase.

If people manually editied their configuration file they might
not have paid attention to this and therefore this script now
also accepts uppercase MAC addresses.

Fixes: #12047
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 21:59:41 +01:00
Michael Tremer
dccbdf5b97 suricata: Take as much off of the CPU as possible 
https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performance-config.html

This will compile the ruleset as efficient as possible and
allows the IPS to run faster on smaller systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-12 17:59:21 +01:00
Michael Tremer
2c44da1382 core131: Ship updated setup 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 10:29:56 +01:00
Alexander Koch
41b7369f80 zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user 
Files containing an '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this.

See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_within_sudoers

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 07:55:10 +01:00
Arne Fitzenreiter
d27675b081 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-04-11 07:31:11 +02:00
Arne Fitzenreiter
a2907cdd9f Merge remote-tracking branch 'origin/master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-11 07:30:26 +02:00
Michael Tremer
af9aa1556e core130: Ship updated apache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 12:33:50 +02:00
Matthias Fischer
0971726e13 apache: Update to 2.4.39 
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 12:29:41 +02:00
Arne Fitzenreiter
6fc3f2e685 core130: insert a core update for urgent fixes. 
the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:31:23 +02:00
Arne Fitzenreiter
e7dafc3e3e core130: ship strongswan 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:30:26 +02:00
Michael Tremer
f0ce8b2c88 core130: Ship perl-Net-SSLeay 
This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:24:17 +02:00
Michael Tremer
49ce16f9be core130: Ship updated wget 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:21:15 +02:00
Matthias Fischer
bfd5cfa9c6 clamav: Update to 0.101.2 
For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:19:34 +02:00
Michael Tremer
a485606c27 ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:18:42 +02:00
Stefan Schantl
ee82349a0e convert-snort: Re-order steps at end of script 
This will ensure that the whole IDS is configured property, if
no or an empty snort config file is present.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Stefan Schantl
e4bc9b8b6f convert-snort: Fix logic for detecting enough free disk space. 
The subfunction only will return something if the check fails - so the logic
of the if statement was wrong set and the downloader only was called if
this check failed and to less diskspace would be available.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Michael Tremer
ee53381ab1 core130: Ship SSH Agent Forwarding changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Arne Fitzenreiter
4f30ce49b3 rename core130 -> core131 
we need to insert a core update to fix urgent bugs

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:49:20 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
47204d12f1 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:12 +02:00
Arne Fitzenreiter
5f9bf17d76 core130: update pakfire database after version change 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 17:31:12 +02:00
Michael Tremer
c557356ea4 core130: Ship perl-Net-SSLeay 
This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 11:56:58 +01:00
Arne Fitzenreiter
0265f51e9f core130: remove lm_sensors config 
the sensor search has to redone after boot the new kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 18:19:50 +02:00
Arne Fitzenreiter
ca7af38203 core130: ship setup binary 
The setup contain a IPFire version string.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:24:46 +02:00
Arne Fitzenreiter
44b0afe029 core130: ship pakfire version update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:13:43 +02:00
Arne Fitzenreiter
83c956c3c8 core130: add kernel to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:01:08 +02:00
Michael Tremer
f903d3a6f0 suricata: Disable CPU affinity 
Benchmarks have shown, that this is making the IPS slower
across various hardware

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 22:02:53 +01:00