webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,382 Commits 2 Branches 1 Tag
6c9458342b72d5eef122e4e146872ded98751d05
Commit Graph

3322 Commits

Author SHA1 Message Date
Stefan Schantl
82979dec36 IDS: Introduce update-ids-ruleset 
This script periodly will be called by fcron
and is responsible for downloading and altering
the ruleset, if autoupdate of the configured ruleset is
enabled.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-09-26 14:11:31 +02:00
Stefan Schantl
6ce504a2f2 suricatactrl: Add "cron" command 
This command allows to enable the automatic update
of the used IDS ruleset and to specify the update interval.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-09-26 13:54:14 +02:00
Stefan Schantl
21cab141ec suricata: Rule files are now located in /var/lib/suricata 
Place the rulefiles from now in "/var/lib/suricata".

Fixes #11834

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-29 12:37:44 +02:00
Stefan Schantl
e568796bb0 ids-functions.pl: Also check and fix the permissions of rulespath 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-25 15:48:58 +02:00
Stefan Schantl
68123effb8 suricatactrl: Add fix-rules-dir command 
This command is used to set the ownership and permissions
back to nobody:nobdoy which is used by the WUI to write the
ruleset.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 14:54:34 +02:00
Stefan Schantl
9074853d8d suricatactrl: Add reload command 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 14:27:01 +02:00
Stefan Schantl
5f63067385 suricata: Fix initscript when using a single core machine 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 10:04:33 +02:00
Stefan Schantl
cb52183c6a Fix merge conflicts during merge of next and the suricata branch 2018-08-23 10:34:17 +02:00
Michael Tremer
84cd9b9162 Drop the network-trigger script 
This is done at boot time and doesn't normally need to be done again.

On AWS or in the setup, renaming any network interfaces is being
handled automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:05:43 +01:00
Michael Tremer
f3d59d2c94 firstsetup: There is no need to restart udev here 
All network interfaces are renamed accordingly in setup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:02:43 +01:00
Michael Tremer
c5465a9453 aws: Let udev rename all network interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:00:39 +01:00
Stefan Schantl
55658ee381 suricata: Fix detection of enabled IDS on zone in initscript 
I accidently commited the wrong file in the previous commit.
This is the fixed and working version.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-17 08:45:47 +02:00
Stefan Schantl
00a031145e suricata: Give 644 permissions to the suricata pidfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-17 08:24:19 +02:00
Stefan Schantl
3c2c54831f suricata: Add code to create iptables rules to the initscript 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-16 18:51:13 +02:00
Stefan Schantl
7c82ee6165 firewall: Add chains for IPS (suricata) 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-16 18:50:39 +02:00
Michael Tremer
046ef135e6 Merge remote-tracking branch 'origin/efi' into next 2018-08-16 12:49:13 +01:00
Michael Tremer
242cfc3395 localnet: Properly format and quote variables 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-16 12:42:25 +01:00
Michael Tremer
5b9f387d59 localnet: Correctly set domain name 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-16 12:41:52 +01:00
Michael Tremer
96422f85b6 aws: Hide pakfire update output 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
40436fa149 aws: Write user-data log to file only 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
281d75c945 aws: Execute reboot when an update requires one 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
3eeff87fe6 Fix typo in unbound initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
9ae73c3090 aws: Set PATH to search in /usr/local/(s)bin 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
6cf586436b aws: Import pakfire keys before the first launch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
bd7d957fae aws: Log output of user-data script to /root/user-data.log 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 11:51:53 +01:00
Michael Tremer
0ed9b77099 aws: Install all available updates first 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 10:11:08 +01:00
Michael Tremer
647ca912a2 aws: Setup DNS during init phase 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-15 10:10:13 +01:00
Michael Tremer
8defa50e73 aws: Execute user-data script while we have networking up 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-13 12:14:49 +01:00
Stefan Schantl
6187da5055 IDS: Add reload option to initscript 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-11 22:28:07 +02:00
Michael Tremer
467581b8ab avahi: Update to 0.7 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-10 11:19:25 +01:00
Michael Tremer
6064cd87cc Revert "avahi: Drop package" 
This reverts commit aa6ee515c5.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-10 11:11:48 +01:00
Arne Fitzenreiter
7529349754 kernel: apu2 leds: update string for newer bios 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-05 17:19:52 +02:00
Arne Fitzenreiter
b403b04a13 initrd: add early microcode load 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-05 13:32:36 +02:00
Arne Fitzenreiter
79bcc6f769 collectd: fix cpufreq plugin enable 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-03 16:13:12 +02:00
Michael Tremer
f32cbd89d9 backup: Bump release number in ISO download script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-03 13:07:31 +01:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
74b7d695c6 misc-progs: Rename snortctrl to suricatactrl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 09:50:31 +02:00
Stefan Schantl
d72b3e64c2 suricata: Introduce basic initscript 
Add a very basic initscript, which currently allows to start/stop/restart suricata and
check if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as much queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-02 19:54:22 +02:00
Michael Tremer
87589bce00 backup: Make backup ISO bootable on EFI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-31 16:36:09 +01:00
Michael Tremer
0cf70cae66 aws: Disable SSH password authentication by default 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-30 16:54:50 +01:00
Matthias Fischer
51099ddfd7 squid: Update to 3.5.28 
For details see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-26 14:38:57 +01:00
Michael Tremer
4e4c122c58 aws: Add support for a script that can be executed at first boot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 16:19:46 +01:00
Michael Tremer
ba06294341 aws: Always exit the init script cleanly 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 16:05:15 +01:00
Michael Tremer
a570226765 Merge branch 'next' into efi 2018-07-20 12:47:20 +00:00
Michael Tremer
011204d963 fireinfo: Import latest patches 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:06:11 +00:00
Michael Tremer
12034118dd installer: Run install-bootloader script instead of own code 
This allows us to keep the GRUB installation routine in one
place only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:03:10 +00:00
Michael Tremer
6cf5a533f5 partresize: Remove debugging line 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:03:10 +00:00
Michael Tremer
43829df3bb partresize: Only regenerate configuration instead of re-installing GRUB 
This should not be necessary

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:03:09 +00:00
Michael Tremer
befc040497 Move update-bootloader script into installer 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:03:09 +00:00
Michael Tremer
eadde44b05 update-bootloader: Allow passing device to install GRUB on 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:03:09 +00:00