webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 19:53:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,639 Commits 2 Branches 1 Tag
80a2765de51ea614cb1e0c770e4e0217ec8d00a0
Commit Graph

27 Commits

Author SHA1 Message Date
Michael Tremer
6b3b3a32ab swap: Start swap after mounting filesystems 
When using a swap file, it is not being activated correctly
when the filesystem it is residing on is not mounted, yet.

The root file system is mounted read-only here before
S40mountfs is being executed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-21 16:19:54 +00:00
Arne Fitzenreiter
a344d3c902 unbound/red.up: run unbound update-forwarders after suricata init. 
The old suricata instance blocks dns requests if the red ip has changed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-04 08:52:56 +01:00
Arne Fitzenreiter
3b5131c1a3 unbound: drop remove-dns-fowarders at red.down 
this functions has only reloaded unbound config
which is useless at shutting down the red interface.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-02 17:54:48 +00:00
Arne Fitzenreiter
8569b3e11b red.up: move update-dns-forwareders behind the firewall 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-19 14:51:48 +00:00
Michael Tremer
8893881160 lvm2: Add initscript for lvmetad 
This daemon needs to be launched in order to use LVM
devices in IPFire.

It will run on all installations after this patch has been
merged but only consumes very little memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-16 18:23:30 +00:00
Michael Tremer
04b7a78140 unbound: Do not reset safe search again 
This is now done in the reload stage and we do not need to
take care about it again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-13 21:25:10 +01:00
Michael Tremer
d7190078ce unbound: Configure Safe Search dynamically 
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.

That resulted in no records being created and nothing being
filtered.

This will now set/reset safe search when the system connects
to the Internet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:51:21 +00:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
7c30831ad2 initskripts: move unbound down after network down 
this remove a bunch of unbound errors at shutdown because
network down try to reconfigure unbond. (e.g. disable forwarders)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-11 11:09:40 +02:00
Arne Fitzenreiter
3ec3329dff unbound: rework dns-forwader handling 
add check if red interface has an IPv4 address before test the servers at
red up and simply remove forwarders at down process.

This also fix the hung at dhcpd shutdown.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-16 19:20:48 +02:00
Michael Tremer
acf47bfa80 cloud-init: Import experimental configuration script for Azure 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
ffb37e51d4 Rename AWS initscript to cloud-init 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Stefan Schantl
8117fff863 IDS: Call helper script when red interface gets up 
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.

Fixes #11989

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-02-06 15:40:19 +01:00
Stefan Schantl
c1a3401235 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 2019-01-21 13:04:13 +01:00
Michael Tremer
7d5caee6bd Add initscript for conntrackd 
The daemon will be started by default when a configuration
file exists.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-06 08:59:25 +00:00
Stefan Schantl
a13ddf04d9 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-12-12 09:27:59 +01:00
Michael Tremer
f354601bbe initscripts: Import pakfire keys before importing AWS configuration 
This is useful when the user-data script is installing
packages. For that it will need valid keys for course.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-07 11:38:55 +00:00
Stefan Schantl
cb52183c6a Fix merge conflicts during merge of next and the suricata branch 2018-08-23 10:34:17 +02:00
Michael Tremer
84cd9b9162 Drop the network-trigger script 
This is done at boot time and doesn't normally need to be done again.

On AWS or in the setup, renaming any network interfaces is being
handled automatically.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-22 14:05:43 +01:00
Stefan Schantl
843a8c570c snort: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:19:35 +02:00
Stefan Schantl
914cca3d8e initscripts: Link against suricata initscript in runlevels and red.up hook 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 10:02:34 +02:00
Arne Fitzenreiter
1ac0d5c598 Merge branch 'aarch64' into next 
Conflicts:
	config/rootfiles/core/121/filelists/acpid
	config/rootfiles/core/121/filelists/apache2
	config/rootfiles/core/121/filelists/apr
	config/rootfiles/core/121/filelists/aprutil
	config/rootfiles/core/121/filelists/armv5tel/files
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/linux-multi
	config/rootfiles/core/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/121/filelists/armv5tel/u-boot
	config/rootfiles/core/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/121/filelists/beep
	config/rootfiles/core/121/filelists/cmake
	config/rootfiles/core/121/filelists/crda
	config/rootfiles/core/121/filelists/dhcp
	config/rootfiles/core/121/filelists/flex
	config/rootfiles/core/121/filelists/i586/grub
	config/rootfiles/core/121/filelists/i586/intel-microcode
	config/rootfiles/core/121/filelists/i586/linux
	config/rootfiles/core/121/filelists/i586/linux-initrd
	config/rootfiles/core/121/filelists/iw
	config/rootfiles/core/121/filelists/jwhois
	config/rootfiles/core/121/filelists/libidn
	config/rootfiles/core/121/filelists/multipath-tools
	config/rootfiles/core/121/filelists/pcre
	config/rootfiles/core/121/filelists/tar
	config/rootfiles/core/121/filelists/unbound
	config/rootfiles/core/121/filelists/wget
	config/rootfiles/core/121/filelists/x86_64/grub
	config/rootfiles/core/121/filelists/x86_64/intel-microcode
	config/rootfiles/core/121/filelists/x86_64/linux
	config/rootfiles/core/121/filelists/x86_64/linux-initrd
	config/rootfiles/core/122/filelists/aarch64/files
	config/rootfiles/core/122/filelists/acpid
	config/rootfiles/core/122/filelists/apache2
	config/rootfiles/core/122/filelists/apr
	config/rootfiles/core/122/filelists/aprutil
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/core/122/filelists/armv5tel/linux-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/linux-multi
	config/rootfiles/core/122/filelists/armv5tel/rpi-firmware
	config/rootfiles/core/122/filelists/armv5tel/u-boot
	config/rootfiles/core/122/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/core/122/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/core/122/filelists/beep
	config/rootfiles/core/122/filelists/cmake
	config/rootfiles/core/122/filelists/crda
	config/rootfiles/core/122/filelists/dhcp
	config/rootfiles/core/122/filelists/flex
	config/rootfiles/core/122/filelists/i586/grub
	config/rootfiles/core/122/filelists/i586/intel-microcode
	config/rootfiles/core/122/filelists/i586/linux
	config/rootfiles/core/122/filelists/i586/linux-initrd
	config/rootfiles/core/122/filelists/iw
	config/rootfiles/core/122/filelists/jwhois
	config/rootfiles/core/122/filelists/libidn
	config/rootfiles/core/122/filelists/multipath-tools
	config/rootfiles/core/122/filelists/pcre
	config/rootfiles/core/122/filelists/tar
	config/rootfiles/core/122/filelists/unbound
	config/rootfiles/core/122/filelists/wget
	config/rootfiles/core/122/filelists/x86_64/grub
	config/rootfiles/core/122/filelists/x86_64/intel-microcode
	config/rootfiles/core/122/filelists/x86_64/linux
	config/rootfiles/core/122/filelists/x86_64/linux-initrd
	config/rootfiles/core/123/filelists/unbound
	config/rootfiles/oldcore/121/filelists/acpid
	config/rootfiles/oldcore/121/filelists/apache2
	config/rootfiles/oldcore/121/filelists/apr
	config/rootfiles/oldcore/121/filelists/aprutil
	config/rootfiles/oldcore/121/filelists/armv5tel/files
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-initrd-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-multi
	config/rootfiles/oldcore/121/filelists/armv5tel/linux-rpi
	config/rootfiles/oldcore/121/filelists/armv5tel/rpi-firmware
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-kirkwood
	config/rootfiles/oldcore/121/filelists/armv5tel/u-boot-mkimage
	config/rootfiles/oldcore/121/filelists/beep
	config/rootfiles/oldcore/121/filelists/cmake
	config/rootfiles/oldcore/121/filelists/crda
	config/rootfiles/oldcore/121/filelists/dhcp
	config/rootfiles/oldcore/121/filelists/flex
	config/rootfiles/oldcore/121/filelists/i586/grub
	config/rootfiles/oldcore/121/filelists/i586/intel-microcode
	config/rootfiles/oldcore/121/filelists/i586/linux
	config/rootfiles/oldcore/121/filelists/i586/linux-initrd
	config/rootfiles/oldcore/121/filelists/iw
	config/rootfiles/oldcore/121/filelists/jwhois
	config/rootfiles/oldcore/121/filelists/libidn
	config/rootfiles/oldcore/121/filelists/multipath-tools
	config/rootfiles/oldcore/121/filelists/pcre
	config/rootfiles/oldcore/121/filelists/tar
	config/rootfiles/oldcore/121/filelists/wget
	config/rootfiles/oldcore/121/filelists/x86_64/grub
	config/rootfiles/oldcore/121/filelists/x86_64/intel-microcode
	config/rootfiles/oldcore/121/filelists/x86_64/linux
	config/rootfiles/oldcore/121/filelists/x86_64/linux-initrd
	make.sh
 2018-07-03 11:52:05 +01:00
Arne Fitzenreiter
4838034131 random: update initskript for machines with low entropy 
the script wait until crng is correct initialized before restore the
random seed and make some disc io to work around low entropy at boot
on some machines. Not really a fix but it should be better than reverting
CVE-2018-1108 fixes from kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-06-28 20:48:58 +02:00
Michael Tremer
bd3bcb45d6 AWS: Import aws setup script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-25 10:55:39 +01:00
Michael Tremer
1c21ebf8d5 Add initscript that automatically configures IPFire on AWS EC2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-21 16:45:40 +01:00
Michael Tremer
e91d99c8eb Import rootfiles for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-31 12:10:23 +01:00