webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 20:16:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,381 Commits 2 Branches 1 Tag
40407aee99546b4f25632bcaeb796d2a53cb1bcb
Commit Graph

13381 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
2c703afc04 core130: Ship updated ntp 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:30:22 +00:00
Matthias Fischer
f81c222519 ntp: Update to 4.2.8p13 
For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:28:58 +00:00
Stefan Schantl
728f3d2e8f suricata: Fix ownership and file permissions of files inside /var/lib/suricata. 
These files needs to have nobody.nobody as owner but requires read-acces from everyone
to allow the suricata user reading-in this files during startup.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:28:30 +00:00
Stefan Schantl
7bf5b0f221 logs.cgi/ids.dat: Fixup processing dates from logfiles which contains a year 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:27:55 +00:00
Michael Tremer
e1d9148b61 Fix python3-yaml rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 10:00:19 +00:00
Stefan Schantl
9c4477d0f3 core130: Fix another error in rootfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-15 14:36:15 +00:00
Michael Tremer
03f68cbca9 core130: Fix errors in rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-15 13:20:23 +00:00
Michael Tremer
710afa00c6 Update IPS translation 
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 17:18:21 +00:00
Michael Tremer
acb718b0bb nut: Disable parallel build 
nut just fails to build when running in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 14:01:45 +00:00
Michael Tremer
f9219b91a1 core130: Ship suricata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:48:25 +00:00
Michael Tremer
3bc001dbf9 Update contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:20:56 +00:00
Michael Tremer
cdfbdd1ada Update translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:20:22 +00:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
c578cbd35f core130: Ship updated firewall script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:16:33 +00:00
Peter Müller
5fc5f70347 add IPtables chain for outgoing Tor traffic 
If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.

Thereof, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.

Partially fixes #11779.

Singed-off-by: Peter Müller <peter.mueller@ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:15:38 +00:00
Peter Müller
4680d554fc run Tor under dedicated user 
This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:15:18 +00:00
Michael Tremer
b450e7e3e6 Start Core Update 130 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-14 13:15:03 +00:00
Stefan Schantl
e776d33c70 suricata: Fix amount of listened nfqueues 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-13 12:14:30 +01:00
Peter Müller
4fc1a0045b amavisd: update to 2.11.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-13 09:35:07 +00:00
Peter Müller
867151a8b2 Postfix: update to 3.4.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-13 09:35:07 +00:00
Michael Tremer
5ea26096ca installer: Set the clock correctly when installing over network 
If a system has a not very up to date clock, downloading files
over HTTPS is impossible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-13 09:35:07 +00:00
Arne Fitzenreiter
9deeda77b6 core129: finish update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 15:18:52 +01:00
Arne Fitzenreiter
668119063c u-boot: try to boot without ramdisk if the system cannot load it 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 15:17:28 +01:00
Arne Fitzenreiter
eaf004a468 knot: update to 2.8.0 and build/install only kdig 
This fix compile errors on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 15:06:23 +01:00
Arne Fitzenreiter
b57220aacd groff: update to 1.22.4 
This fix compile problems on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 15:04:40 +01:00
Stefan Schantl
e8b1b397c1 suricata: Remove unneeded stuff during build 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-13 10:03:48 +01:00
Arne Fitzenreiter
c448474fc7 Revert "kernel: cleanup unused rpi patch" 
This reverts commit a2d49659f3.

The patch is still needed to prevent strange crashes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 09:39:07 +01:00
Michael Tremer
beac548962 Update list of contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 15:58:45 +00:00
Michael Tremer
e26e86dcaa core129: Ship updated dnsforward.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 15:58:04 +00:00
Michael Tremer
56947acb12 Merge remote-tracking branch 'ms/dns-forwarding' into next 2019-03-11 15:57:15 +00:00
Michael Tremer
f1042a5d44 core129: Ship updated dhcp.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 09:54:19 +00:00
Michael Tremer
8288c0394b Merge remote-tracking branch 'ms/dhcp' into next 2019-03-11 09:53:56 +00:00
Peter Müller
04f9321955 Tor WebUI: drop relay bandwith options < 1 MBit/s 
Tor requires at least 1 MBit/s in order to participate.

Fixes #12001

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 09:52:54 +00:00
Michael Tremer
199db95a70 dnsdist: Limit to fewer concurrent build processes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-11 09:38:56 +00:00
Michael Tremer
61424e9c67 core129: Ship updated less 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-10 18:23:22 +00:00
Peter Müller
9f7524c8b0 less: update to 530 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-10 18:22:53 +00:00
Peter Müller
e29c6d29c9 Postfix: update to 3.4.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-10 18:22:39 +00:00
Matthias Fischer
15b1a3e360 slang: revert parallelized build 
This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=217e74c77317d4c829913f934458779fd278bf29;hb=23164efba5f57b3d8ccb07a166b613f2f951e1b6

'slang 2.3.0' doesn't like "$(MAKETUNING)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-10 18:22:21 +00:00
Stefan Schantl
f717b1dc55 IDS: Set owner of suricata logging directory to correct user 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-10 18:52:40 +01:00
Stefan Schantl
fd378b3b08 Rename snort user and group to suricata 
This only affects new installations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-10 18:50:37 +01:00
Michael Tremer
38081b8be1 suricata: Run as non-root user 
This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-10 18:02:39 +01:00
Stefan Schantl
2bec60c347 suricata: Update to 4.1.3 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-10 17:34:03 +01:00
Stefan Schantl
1fbf0788bf Move IDS/IPS menu entry to firewall section 
Fixes #12011.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-10 13:27:52 +01:00
Michael Tremer
50fcec161c /etc/group: Order groups by ID 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 10:11:23 +00:00
Michael Tremer
3d0a190843 /etc/passwd: Order users by ID 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 10:08:02 +00:00
Michael Tremer
7996c5fee9 zabbix_agent: Create /var/run/zabbix in initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 10:04:28 +00:00
Michael Tremer
661fdb02c2 zabbix_agent: Ensure that the user exists on all systems 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 09:58:56 +00:00
Alexander Koch
06fc6170a2 zabbix_agentd: New addon 
New addon for monitoring IPFire by Zabbix Monitoring (https://www.zabbix.com/features).
See https://forum.ipfire.org/viewtopic.php?f=52&t=22039 and https://lists.ipfire.org/pipermail/development/2019-February/005324.html for further details.

Best regards,
Alex

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 09:55:18 +00:00
Erik Kapfer
57d1564b3e iptables: Commented legacy ip(6)tables entries from ROOTFILE 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-08 09:49:07 +00:00
Michael Tremer
c0ac5ae2a7 installer: Download ISO via HTTPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-07 11:27:19 +00:00