We disable cores if the are affected by some cpu vulnerabilities
this cores report errors if you try to change the settings.
So only print the output for core0 and hide it for all cores.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the initskript loads a test-modul for amd-pstate (which traces on intel)
and off course reports errors if firmware settings are missing.
this also fix the error at start because also amd-pstate doesn't support
ondemand mode.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- The PT Attack ruleset has not been updated since 2021 and made read-only in 2022
The PT Attack website no longer has any reference to Suricata Rulesets. The PT Attack
ruleset is being removed.
- The Secureworks three rulesets are no longer available. The website path gives a 404
error. No mention of Suricata rulesets in the Secureworks website. The Secureworks three
rulesets are being removed.
- ThreatFox ruleset has been added to the list. Both a plain and archive version of the
rules are available but the plain version is being regularly updated while the archive
version was last updated 5 days ago. So this patch has implemented the plain version.
- All above was discussed in the January Developers Conference call.
- Tested out on my vm testbed. I had PT Attack selected as one of the providers. As
mentioned by Stefan removing PT Attack means it is not available in the list of
providers but the provider stays in the providers table but with the line shown in red.
I will update the wiki to mention the red highlight and what it means.
Suggested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- OpenSSL was updated to 3.1.4 in CU181 and to 3.2.1 in CU183 but in both cases freeradius
was not incremented to cause it to be shipped.
- This patch increments the freeradius PAK_VER to ensure it will be shipped.
Fixes: Bug#13590
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT
rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error
message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases
of the DROP_HOSTILE being present or not depending on the history and if a backup with
logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not
split
- There might be a simpler or better approach than this but it was the only option I
could identify. I couldn't find anything about being able to use if loops within the
RRD::Graph loop
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In IPFire 2, we don't make any use out of the debug information.
Therefore we can tell the compiler to generate as minimal debug
information as possible in order to have a faster compilation process.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
we had discussed this on december telco but it is not so
easy because our menusystem only shows entry's existing cgi's.
so i add a cgi redirect to http://$ENV{SERVER_ADDR}:3000
this add the entry under pakfire and also to service page.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 6.0.15 to 7.0.2
- Update of rootfile
- suricata 7.0.2 requires libhtp >= 0.5.45
it also requires libelf.so.1 for execution. Previous suricata versions only required
libelf for building. libelf or elfutils are not mentioned anywhere in the changelog
- Without elfutils available during starting then suricata fails to start due to
libelf.so.1 not being available.
- Tested out suricata7 with elfutils on my vm testbed and it successfully started.
- The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this
is not available in suricata-7.0.2. It looks like that patch was never actually used in
suricata as all the builds I checked used the configure file from the source tarball
and the configure was never created by running autoconf on the configure.ac
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball
Fixes: Bug#13516
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Excerpts from changelog:
"Major changes
Added support for extracting and scanning attachments found in
Microsoft OneNote section files. OneNote parsing will be enabled by
default, but may be optionally disabled using one of the following
options:
a. The clamscan command line option: --scan-onenote=no,
b. The clamd.conf config option: ScanOneNote no,
c. The libclamav scan option options.parse &= ~CL_SCAN_PARSE_ONENOTE;,
d. A signature change to the daily.cfg dynamic configuration (DCONF).
Other improvements
Fixed issue when building ClamAV on the Haiku (BeOS-like) operating
system. Patch courtesy of Luca D'Amico
ClamD: When starting, ClamD will now check if the directory specified
by TemporaryDirectory in clamd.conf exists. If it doesn't, ClamD will
print an error message and will exit with exit code 1. Patch courtesy
of Andrew Kiggins.
CMake: If configured to build static libraries, CMake will now also
install the libclamav_rust, libclammspack, libclamunrar_iface, and
libclamunrar static libraries required by libclamav.
Note: These libraries are all linked into the clamscan, clamd, sigtool,
and freshclam programs, which is why they did not need to be installed
to function. However, these libraries would be required if you wish to
build some other program that uses the libclamav static library.
Added file type recognition for compiled Python (`.pyc`) files.
The file type appears as a string parameter for these callback
functions:
- clcb_pre_cache
- clcb_pre_scan
- clcb_file_inspection
When scanning a `.pyc` file, the `type` parameter will now show
"CL_TYPE_PYTHON_COMPILED" instead of "CL_TYPE_BINARY_DATA".
Improved support for decrypting PDFs with empty passwords.
Assorted minor improvements and typo fixes.
Bug fixes
Fixed a warning when scanning some HTML files.
Fixed an issue decrypting some PDF's with an empty password.
ClamOnAcc: Fixed an infinite loop when a watched directory does not
exist.
ClamOnAcc: Fixed an infinite loop when a file has been deleted before a
scan.
Patch courtesy of gsuehiro.
Fixed a possible crash when processing VBA files on HP-UX/IA 64bit.
Patch courtesy of Albert Chin-A-Young.
ClamConf: Fixed an issue printing `MaxScanSize` introduced with the
change to allow a `MaxScanSize` greater than 4 GB.
Fix courtesy of teoberi.
Fixed an issue building a ClamAV RPM in some configurations.
The issue was caused by faulty CMake logic that intended to create an
empty database directory during the installation."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
