The CGI now uses an own ignored configuration file for
storing host addresses and/or subnets which should be
ignored by guardian.
This allows to add remarks for them and to enable or disable
each entry individally at any time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rework the GetBlockedHosts() to use the "getipstat" binary
instead of the not longer available "guardianctrl" binary.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The guardianctrl binary does not longer exists, use
the Guardian::Socket module to send various commands
by using the provided socket client.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The config file format and values have been changed, so the
code to do the generation has to be adjusted.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rename the hash key names of enabled parser modules,
(services which should be monitored by guardian) to
keep the same name sheme than in the guardian config
file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When the owncloud addon is not installed, this value was not
initialized correctly.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Guardian does not longer require the information for the red interface from
the configfile.
Guardian does not longer support a targetfile.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This commit allows to enable or disable the monitoring of the snort alertfile
and to switch off the blocking of SSH and HTTPD Brute-force attempts.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The correct case for "kilobit" is "kilobit", not "kiloBit".
And the same applies for Mbit, Gbit etc.
Reference is https://en.wikipedia.org/wiki/Kilobit
This commit changes the texts used in the web UI, so
that it correctly displays as "bit", "kbit", "Mbit" etc.
This fixes bugzilla item 10918.
Signed-off-by: Alf Høgemark <alf@i100.no>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added 'squid' and 'snort' to section dropdown in LOGS / SYSTEM LOGS,
added translations.
Added translation string for 'web proxy' in '30-network.menu'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Release notes:
2016-03-09 - Snort 2.9.8.2
[*] New additions
* Future-flow and DNS API exposed to lua detector.
* Double VLAN tagging support.
[*] Improvements
* Performance improvements to AppID.
* Stability improvements to file and ftp_telnet preprocessor.
* Fixed several issues with SDF and obfuscation.
* Resolved an issue of improper handling of malformed DNS host
in AppID.
* HTTP PAF accepts all tokens between method and version strings
in a request URI.
* Resolved snort build issue with "--disable-perfprofiling" configure
option.
* Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0.
* End of Header(EOH) identification for HTTP response header spanning multiple
packets.
* Improved packet reassembly for HTTP.
* Fixed Flash LZMA decompression issue.
For details see:
https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
GRE connections were not correctly forwarded without the helper
being enabled. Choosing the wrong protocol here did not allow
us to load it properly.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Handcrafted requests with shell commands could be sent to these
CGI files and gain shell access as unprivileged user.
References: #11087
Reported-by: Yann Cam <yann.cam@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If bridged ipv6 is used, $iface is taken from PHYSIN
In the log line the order of fields is "... IN=XY OUT=XY PHYSIN=XY ..."
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
3 main changes:
- Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, othwerwise fill from IN and OUT
- Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
- Match color coding of tables to pie charts (see seperate patch sent earlier)
I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
---
