webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,864 Commits 2 Branches 1 Tag
8076deba79f9bbd4e551fdfe1eb49e8a77b2c19e
Commit Graph

12864 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
8076deba79 ids-functions.pl: Add code to lock/unlock ids page while autoupdating the ruleset 
Reference #11991

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 07:59:20 +01:00
Stefan Schantl
5f2145eb59 ids.cgi: Show "Update Ruleset"-Button only if automatic updates are disabled 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-07 07:44:11 +01:00
Stefan Schantl
f6eb1a40a0 aliases.cgi: Handle suricata related actions when dealing with aliases 
When working with aliases (adding/modifying/removing), the file which
contains the HOME_NET declarations needs to be re-generated and suricata
requires a restart afterwards.

Fixes #11990

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:59:02 +01:00
Stefan Schantl
8117fff863 IDS: Call helper script when red interface gets up 
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.

Fixes #11989

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:40:19 +01:00
Stefan Schantl
d8f19ebb5a IDS: Edit german translation for "ids oinkcode required". 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 13:12:50 +01:00
Stefan Schantl
613f58fbfa ids.cgi: Check if the selected ruleset requires an oinkcode 
Fixes #11983

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 12:49:01 +01:00
Stefan Schantl
f644a167ab ids.cgi: Only perform actions when saving ruleset settings, if there are no error messages 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 12:48:08 +01:00
Stefan Schantl
155b3b56a8 ids-functions.pl: Do not send HEAD requests to sourcefire (snort.org) servers 
Using this feature to fetch the size of the requested tarball is not allowed by these
servers, so skip this feature for their rulesets.

Fixes #11987

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 10:58:59 +01:00
Stefan Schantl
c17a9778d6 Revert "ids-functions.pl: Use GET method to fetch Header data of a file" 
Using the GET method will download the file twice and does not provide the
desired mechanism here.

This reverts commit 81592314eb.
 2019-02-06 10:00:17 +01:00
Stefan Schantl
422dc4caf9 ids.cgi: Fix HTML formated spaces. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 14:34:44 +01:00
Stefan Schantl
9e9b477d7c ids.cgi: Rework "Enable IPS" section 
Just use one language string for a maximum of flexiblity for the
transloators.

Fixes #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 14:17:19 +01:00
Stefan Schantl
af0065691c suricata: Do not display messages when starting up 
Fixes #11979.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:57:40 +01:00
Stefan Schantl
cc9057c014 ids.cgi: Change lang string from "Activate IPS" to "Enable IPS" 
Reference #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:51:08 +01:00
Stefan Schantl
318e7137e7 IDS: Rename IDS strings to IPS 
Reference: #11986

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 13:25:27 +01:00
Stefan Schantl
97870bf29c ids.cgi: Stop suricata when the rulest source has been changed 
If the ruleset source has been changed, it has to be configured again.
This happens because of different rule categories, filenames rule ID's etc.

In case suricata currently is running it has to be stopped and after the configuration
has been done by the user, it can be launched again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:43:49 +01:00
Stefan Schantl
5709768b0b ids.cgi: Fix downloading rules if source changed 
Fix the if statement to detect wheater the ruleset has been
changed and automatically download the new one.

Fixes #11984.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:36:30 +01:00
Stefan Schantl
b7a9b4edc2 ids.cgi: Update automatic download texts 
Update the showed texts in the dropdown box as mentioned in the
bug report.

Fixes #11985

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:13:28 +01:00
Stefan Schantl
81592314eb ids-functions.pl: Use GET method to fetch Header data of a file 
The sourcfire web servers does not support the HEAD request so we have to do
this with a GET here.

Fixes #11987

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 12:01:43 +01:00
Stefan Schantl
4924cfdc73 ids-functions.pl: Fix show HTTP error code and message 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-05 11:55:37 +01:00
Stefan Schantl
067e1847dc suricata.yaml: Add port 222 to list of SSH Ports 
The SSH-server listened on port "222" as default on IPFire in the past.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-01 14:34:25 +01:00
Stefan Schantl
bcbc9897e3 ids-functions.pl: Grab address for RED by using get_red_address() function. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-31 09:50:47 +01:00
Stefan Schantl
de8e1e5b6c ids-functions.pl: Add function to the the current assigned IP-address of RED. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-31 09:41:35 +01:00
Stefan Schantl
912d7472a8 ids.cgi: Automatically download ruleset if the ruleset source has been changed. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-31 08:55:05 +01:00
Stefan Schantl
c9b07d6a0c initscripts/suricata: Generate firewall rules on start and reload 
Fixes #11978

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 13:47:07 +01:00
Stefan Schantl
23c0347ac5 ids-functions.pl: Add RED address and aliases to the HOME_NET 
Reference: #11981

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 12:51:51 +01:00
Stefan Schantl
77c3130174 ids-functions.pl: Add get_aliases() 
This subfunction is used to get all configured and enabled aliases
for the RED network zone. They will be returned as an array.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 11:57:49 +01:00
Stefan Schantl
d6f725e185 update-ids-ruleset: Improve error reporting if the system is offline 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:57:31 +01:00
Stefan Schantl
e0cec9fe99 ids.cgi: Dynamically generate SHOW/HIDE for expanding or collapsing a ruleset category 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:53:17 +01:00
Stefan Schantl
cf02bf2f7d ids.cgi: Show IDS setting area only if a ruleset is present. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:12:11 +01:00
Stefan Schantl
013274d7d8 ids.cgi: Diplay reason, why a ruleset could not be downloaded, if the system is offline. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 10:05:14 +01:00
Stefan Schantl
5fd2e9d64a ids.cgi: Also download the ruleset when saving the ruleset settings 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:57:49 +01:00
Stefan Schantl
34a3843865 ids.cgi: Add dropdown option for Emergingthreats.net Pro rules. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:42:28 +01:00
Stefan Schantl
d618d67e01 ids.cgi: Only show "update ruleset" button if a ruleset is present 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:39:17 +01:00
Stefan Schantl
674912fc3a ids.cgi: Draw daemon status and setting in the same box. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:33:47 +01:00
Stefan Schantl
029b8ed2b1 ids.cgi: Show/Hide subscription code area dynamically. 
Dynamically (Java Script) show/hide the area for entering the
subscription code / oinkcode based on the choosen ruleset.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:27:37 +01:00
Stefan Schantl
bc4a2223cc ids.cgi: Remove help text for obtaining an oinkcode 
This information is only valid for sourcefire (snort) rulesets, may
confuse users and therefore should be handled in the wiki.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-30 09:25:34 +01:00
Michael Tremer
17c2c09bcc suricata: Scan outgoing traffic, too 
Connections from the firewall and through the proxy must be filtered, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 14:08:51 +01:00
Peter Müller
8059239661 Suricata: drop unused cuda HW acceleration 
As stated in https://bugzilla.ipfire.org/show_bug.cgi?id=11808#c5 ,
Cuda hardware acceleration is unused and so the configuration file
section can be removed.

This partially addresses #11808.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 14:07:43 +01:00
Stefan Schantl
68699ecfff Revert "Add DDNS to core 107." 
This reverts commit 197033fab2.
 2019-01-29 11:23:54 +01:00
Stefan Schantl
ca8c92108a update-ids-ruleset: Set correct ownership for rulesdir and files 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 09:09:11 +01:00
Stefan Schantl
36e69d34b1 convert-snort: Use set_ownership() from ids-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 09:05:29 +01:00
Stefan Schantl
4fbd88bfad ruleset-sources: Add Emerging-Threads Pro ruleset 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 09:01:20 +01:00
Stefan Schantl
9f9651e06a logs.cgi/log.dat: Change search pattern from snort to suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 09:00:26 +01:00
Stefan Schantl
3c59b1fab8 ids-functions.pl: Set correct ownership for the stored error file. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 08:58:08 +01:00
Stefan Schantl
1fedede6a0 ids-functions.pl: Add set_ownership() function. 
This function is used to change the ownership of a given file
or directory to the user "nobody" and the group "nobody", which is
used by the WUI.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 08:50:16 +01:00
Stefan Schantl
8c27372438 backup.pl: Run snort to suricata converter when a backup gets restored. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 08:40:34 +01:00
Stefan Schantl
85a62b0523 IDS: Install snort to suricata converter 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-01-29 08:26:15 +01:00
Stefan Schantl
e4840020ed Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-28 17:29:21 +01:00
Matthias Fischer
61ee842911 ghostscript: Update to 9.26 
For details see:
https://www.ghostscript.com/doc/9.26/News.htm

This version fixes CVE-2019-6116 ("code execution via subroutines within pseudo-operators")

Some details (german) can be found here:
https://www.heise.de/security/meldung/Boeser-Bug-in-PostScript-trifft-ghostscript-und-damit-Viele-mehr-4286563.html

I saw this article and found it could be the time for an update...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-27 22:26:55 +00:00
Stefan Schantl
39155be805 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-26 12:40:04 +01:00