As default show the events generated by suricata and if
for a certain selected date no suricata log is available
try to fall-back to read the events from the old snort
alert files (if available).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Enable and specify the path to the threshold-file in the suricata.yaml,
otherwise the programm is trying to read it from a build-in default
location and prints the following error message:
Error opening file: "/etc/suricata//threshold.config": No such file or directory
Fixes#11837.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now all oinkmaster related config files and suricata
related yaml files in "/var/ipfire/suricata/" will be
included into the backups.
Also the entire ruleset is part of the backup, so after a
backup has been restored, the IDS can be used in the same way
as before.
Fixes#11835.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Create this file on first execution of the script if it does not exist yet.
This will allow suricata to imediately be started. Otherwise the ruleset has
to be downloaded and configured before this file has been created and suricata
could be launched.
Fixes#11833.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Change the get_memory_usage() function to grab and return the
memory usage of the entire process, containing all sub-processes and
threads.
Fixes#11821
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The concept has been retired a very log time ago
and the web service only responds with 200 what ever
it is being sent.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is not really necessary because pakfire will automatically
failover to the next mirror anyways and that a mirror responds
to an ICMP echo request doesn't necessarily mean that it can
deliver the requested file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function checks if all files located in /etc/suricata/rules are
writable by the effective user and group (nobody:nobody) and if not
calls suricatactl to fix it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This command is used to set the ownership and permissions
back to nobody:nobdoy which is used by the WUI to write the
ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Remove a lot of stuff and options which are deactivated during compiling,
unsupported by the plattform or not used in IPFire.
Add an advice to the full documented suricata-example.yaml file which also
is shipped by IPFire.
More work needs to be done.
See #11808
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Code only changed field 6 of hash (target group) and not field 4 (source group).
Also if using geoip it was only field 4 of hash (source group) and not field 6 of hash (target group)
Added new code that changes both fields to reflect the change in the firewallrules immediately.
fixes: #11825
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
With this commit, the CGI file will create the oinkmaster related
files during first run if they does not exist.
Fixes#11822.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This generic function can be used to create any kind of emtpy files -
it just requires the full path and filename to work.
If the specified file exists at calltime, the function will abort
to prevent from overwriting existing files and content.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now its possible to create a rule with orange source and target orange interface of the firewall.
Fixes: #11805
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is done at boot time and doesn't normally need to be done again.
On AWS or in the setup, renaming any network interfaces is being
handled automatically.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
