webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,095 Commits 2 Branches 1 Tag
68b8511f1dbceb267429a4f71f94ccba262e94de
Commit Graph

2798 Commits

Author SHA1 Message Date
Stefan Schantl
1e52a25825 ids.cgi: Regenerate ruleset if a provider get re-enabled. 
Otherwise it could happen, that there are no rules files for this
specific provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
724f98c086 ids.cgi: Fix check when changing the IDS to monitor mode or drop mode. 
The test condition was wrong here and therefore oinkmaster never has
been executed when this setting has been changed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:45 +01:00
Stefan Schantl
7131a7bd94 ids.cgi: Allow whitespaces when parsing the rules files. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:44 +01:00
Stefan Schantl
ded4348d0d ids.cgi: Do not expect a space before the sid when parsing rulefiles. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:44 +01:00
Stefan Schantl
4015d3f499 ids.cgi: Sort elements in providers dropdown menu. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:44 +01:00
Stefan Schantl
69b3156f74 IDS: Move read_enabled_disabled_sids_file() function to ids-functions.pl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:44 +01:00
Stefan Schantl
515a694d1c ids.cgi: Add code to handle the reset of a provider to it's defaults. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
f3d421a3b1 ids.cgi: Make backend code for forced ruleset update working again. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
962e58cdd4 ids.cgi: Add section for additional provider actions. 
This section only will be displayed when an existing provider will be
edited and allows to reset a provider back to it's defaults or to force
a ruleset update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
7e1a09f925 ids.cgi: Fix display issue with colum backgound colour in provider list. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
0c5b2f6da3 ids.cgi: Handle oinkmaster provider includes when deleting a provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
ce40fddefc ids.cgi: Fix function call of get_used_provider_rulesfile_file(). 
The function is locatated in the IDS module and therefore needs to be
called from there.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
eade546821 ids.cgi: Add/Remove provider file include in oinkmaster providers 
include file when toggeling a provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
5d523e4161 ids.cgi: Use get_oinkmaster_provider_modified_sids_file() function. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
15832b10c2 IDS: Redesign backend for enabled/disabled sids in rulefiles. 
The enabled or disabled sids now will be written to an own
provider exclusive configuration file which dynamically will
be included by oinkmaster if needed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:43 +01:00
Stefan Schantl
593abb3510 ids.cgi: Use get_ruleset_date() from ids-functions.pl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
02fee15e0e ids.cgi: Prevent from chainging the provider when editing an existing 
one.

This commit locks the dropdown menu for selecting a provider, in case
an existing one should be edited.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
1fa187335b ids.cgi: Add hardcoded error message to language files. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
4b6cf2a54a ids.cgi: Fix check and message when trying to enable suricata without 
any enabled or no provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
106f00bdbb ids.cgi: Lock the CGI when a provder will be deleted. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
0943ad8c3f ids.cgi: Drop old code to handle the settings of the ruleset section. 
This entirely has been replaced by the providers section and the code to
handle the actions of this section.

Therefore this code is not longer needed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
2fded6d2ad ids.cgi: Finish code to handle the removal of a provider from the list. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
a2b4488ae5 ids.cgi: Finish code to handle toggeling a provider enabled/disabled. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:42 +01:00
Stefan Schantl
ddaf8ae1a8 IDS: Redesign backend for used provider rulesfiles. 
The selected rulesfiles of a provider now will be written to an own
provider exclusive yaml file, which will be included dynamically when
the provider is enabled or not.

This allows very easy handling to enable or disable a provider, in this
case the file which keeps the enabled providers rulesets only needs to
be included in the main file or even not.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:32 +01:00
Stefan Schantl
b734df0e12 ids.cgi: Add action if a new provider is added. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:00 +01:00
Stefan Schantl
3daa300025 ids.cgi: Use get_used_rulesfiles function from ids-functions.pl. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:23:00 +01:00
Stefan Schantl
73eb03a333 ids.cgi: Add code to handle enable/disable a provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:59 +01:00
Stefan Schantl
9bf260ded2 ids.cgi: Add code to handle enable/disable autoupdate for a provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:59 +01:00
Stefan Schantl
7323c72d03 ids.cgi: Fix type in method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:59 +01:00
Stefan Schantl
2acb3c8d00 ids.cgi: Remove accidently commited commented code snipped. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:59 +01:00
Stefan Schantl
bb4c30c653 ids.cgi: Correctly use "enabled" for checked checkboxes. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:59 +01:00
Stefan Schantl
aba3cbe5bc ids.cgi: Read-in providers settings file when neccessary. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:58 +01:00
Stefan Schantl
4c067847c5 ids.cgi: Add code to add/edit a ruleset provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:58 +01:00
Stefan Schantl
2f252efa0d ids.cgi: Rework rulesetsettings section. 
* The page and section now supports multiple ruleset providers at once.
* Adding / Editing a ruleset provider has been moved to a own sub-page.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:58 +01:00
Stefan Schantl
77351a6b76 ids.cgi: Move configuration of ruleset autoupdate intervall to IDS main 
section.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:58 +01:00
Stefan Schantl
87df37da7a ids.cgi: Stop showing ruleset date on customize rulest sub-page. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:22:47 +01:00
Stefan Schantl
4efc8ccd8a ids.cgi: Add "Back" button to customize ruleset sub-page. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
2bbe6ede23 ids.cgi: Move / Splitt main page and customize ruleset subpage. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
a468b62b62 ids.cgi: Only read-in ruleset if neccessary. 
This process takes some time, especially on huge rulesets.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
dd2ce333f7 ids.cgi: Add button to customize the ruleset. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
019e5e9baf ids.cgi: Introduce and use get_provider_name() function. 
This function is used to grab the name of a provider by the given
handle.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
fed57fe7f0 ids.cgi: Move the section to customize the IDS ruleset to a function. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
1033cf2d0a ids.cgi: Remove unused rulesetsources hashes. 
They have been superseeded by the new ruleset sources file.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Stefan Schantl
3e12c6e688 ids.cgi: Make CGI work with new ruleset-sources file. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2021-12-19 13:21:51 +01:00
Michael Tremer
45a5df5a5e backup: Fork ISO job into the background in CGI script 
In order to be able to run the ISO command on command line it is helpful
that the script does not go into background halfway through the process.

We should rather start it as a background job straight from the CGI
script.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-12-14 14:39:26 +01:00
Michael Tremer
1580d3b1a3 openvpn: Tie client to use IPv4 
OpenVPN might try to connect via IPv6 in rare occasions.

To avoid that, we can tell it to use IPv4 exclusively.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-12-03 22:41:33 +01:00
Arne Fitzenreiter
471e4846a3 index.cgi: set arch eol warning link color to white 
The link was red on red backround which is unreadable.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-12-02 12:59:13 +01:00
Arne Fitzenreiter
727c76f09a index.cgi: fix eol link 
<li> not official has a href parameter.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-12-01 07:42:06 +01:00
Jonatan Schlag
b55e2b8a35 Inform users about the eol of i?86 
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-11-30 07:54:46 +00:00
Michael Tremer
85d5f26fa9 ipsec: Prefer curve448 over curve25519 
Curve448 provides better cryptographic security. For more details see:

  https://bugzilla.ipfire.org/show_bug.cgi?id=12634

Fixes: #12634
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-11-24 09:14:52 +00:00