add check if red interface has an IPv4 address before test the servers at
red up and simply remove forwarders at down process.
This also fix the hung at dhcpd shutdown.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
By feeding more random bits into mmap allocation, the
effectiveness of KASLR will be improved, making attacks
trying to bypass address randomisation more difficult.
Changed sysctl values are:
vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please note:
If this gets merged, the update process must deal with the otherwise remaining
files in '/usr/share/vim74' (~16 MB).
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Using IPFire's Mailservice does not allow to enter a senders mail address with the underscore.
The function used to verify that is used from general-functions.pl.
Now the function 'validemail' allows the underscore in the address.
Fixes: #12070
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These were missing in Core Update 132, and some strings
(especially on the "CPU vulnerabilities" page) missed translations.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Directly implement the logic to determine the used ruleset and if
IDS or IPS mode should be used into the function instead of pass those
details as arguments.
This helps to prevent from doing this stuff at several places again and again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In IPS mode rule actions need to be have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' here this is appropriate. Also add
a script to be run on update to correct existing downloaded rules.
Fixes#12086
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Just cosmetics:
Removed all trailing spaces - there were a few...
Activated 'monit' start delay:
I activated this option to avoid running into a race condition while started through
'/etc/init.d/monit start'.
As mentioned in 'monit' manual:
"...if a service is slow to start, Monit can assume that the service is not running
and possibly try to start it [again] and raise an alert, while, in fact the service
is already about to start or already in its startup sequence."
This happened here during testing with (e.g.) Clamav.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
