webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-25 02:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,489 Commits 2 Branches 1 Tag
a40bcbb02cf1012405c4a0507d4b54d4d8a45064
Commit Graph

5235 Commits

Author SHA1 Message Date
Michael Tremer
a40bcbb02c core133: Ship IPS changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:41:37 +01:00
Tim FitzGeorge
a5ba473c15 suricata: correct rule actions in IPS mode 
In IPS mode rule actions need to be have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' here this is appropriate.  Also add
a script to be run on update to correct existing downloaded rules.

Fixes #12086

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:39:57 +01:00
Michael Tremer
9734a58faf core133: Ship IDS ruleset updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:34:44 +01:00
Michael Tremer
dc9ac30c8d core133: Ship updated vpnmain.cgi file and regenerate configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 05:08:31 +01:00
Michael Tremer
c899be2fd0 core133: Ship updated dhcp.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 00:33:36 +01:00
Michael Tremer
0bb25a4f61 SMT: Disable when system is vulnerable to L1TF (Foreshadow) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:55:17 +01:00
Michael Tremer
cfbb61a74d Rootfile update for ARM kernels 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:44:49 +01:00
Michael Tremer
236831c0f9 Rootfile update for gcc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:41:59 +01:00
Michael Tremer
d62925de4f core133: Ship updated PAM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:32:35 +01:00
Michael Tremer
ba329dce8f core133: Ship updated rrdtool 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:31:51 +01:00
Matthias Fischer
83d4264eba rrdtool: Update to 1.7.2 
For details see:
https://oss.oetiker.ch/rrdtool/pub/CHANGES

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:31:11 +01:00
Michael Tremer
c7def60649 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-03 09:20:05 +01:00
Michael Tremer
f748c79450 core133: Ship updated ovpnmain.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-02 22:49:42 +01:00
Michael Tremer
b0ec4158f3 miau: Drop package 
This is not maintained since 2010

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-29 15:24:29 +01:00
Michael Tremer
f62f432a27 openssl: Update to 1.1.1c 
Fixes CVE-2019-1543

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-29 13:51:48 +01:00
Michael Tremer
7b6d2972e3 strongswan: Update to 5.8.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 13:05:50 +01:00
Erik Kapfer
3c8aa8d75b tshark: Update to 3.0.2 
Incl. one vulnerability and several bug fixes. For full overview --> https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html .

- Disabled geoip support since libmaxminddb is not presant.
- Added dictionary in ROOTFILE to prevent "radius: Could not open file: '/usr/share/wireshark/radius/dictionary' " .
- Added CMAKE build type
- Removed profile examples and htmls completly from ROOTFILE.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 12:29:36 +01:00
Michael Tremer
992fdd3d07 core133: Ship toolchain changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 11:44:32 +01:00
Michael Tremer
71ff23c765 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 11:41:46 +01:00
Michael Tremer
fe9dbfa124 core133: Ship updated IPS ruleset sources 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:48:44 +01:00
Michael Tremer
f6104aa1e0 core133: Drop metadata for jansson package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:42:50 +01:00
Michael Tremer
86efc510f9 core133: Ship hyperscan 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:40:31 +01:00
Michael Tremer
81544f8884 hyperscan: Move rootfiles to arch directories 
This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:38:42 +01:00
Stefan Schantl
52ebc66bba hyperscan: New package 
This package adds hyperscan support to suricata

Fixes #12053.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:14 +01:00
Stefan Schantl
2348cfffcf ragel: New package 
This is a build dependency of hyperscan

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:03 +01:00
Stefan Schantl
1a5f064916 colm: New package 
This is a build dependency of ragel, which is a build dependency of
hyperscan.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:32 +01:00
Stefan Schantl
616395f37c jansson: Move to core system and update to 2.12 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:00 +01:00
Michael Tremer
f6e18df542 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:37:23 +01:00
Arne Fitzenreiter
8a104d7f02 core133: readd late core132 changes to core133 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 17:27:16 +02:00
Arne Fitzenreiter
83809af1fb Merge branch 'master' into next 2019-05-26 17:23:54 +02:00
Arne Fitzenreiter
637885839b core132: security conf should not executable 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 16:17:04 +02:00
Arne Fitzenreiter
d0db7550ed core132: set correct permissions of security settings file. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 16:05:41 +02:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
9f0295a512 Merge remote-tracking branch 'ms/faster-build' into next 2019-05-24 06:54:16 +01:00
Michael Tremer
8feb0db430 core133: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:39:37 +01:00
Michael Tremer
53ef2a0ffe core133: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:37:21 +01:00
Matthias Fischer
f225f3ee29 bind: Update to 9.11.7 
For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html

"Security Fixes

  The TCP client quota set using the tcp-clients option could be exceeded in some cases.
  This could lead to exhaustion of file descriptors.
  This flaw is disclosed in CVE-2018-5743. [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:36:55 +01:00
Michael Tremer
79967ee9c4 Start Core Update 133 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:35:46 +01:00
Arne Fitzenreiter
b0d31edbd6 vnstat: fix errormessage at first boot 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:36:16 +02:00
Arne Fitzenreiter
6d37280f3e configroot: create main/security settings file 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:03:21 +02:00
Arne Fitzenreiter
405f69fc9c web-user-interface: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:02:54 +02:00
Michael Tremer
a087f4f586 core132: Ship vulnerabilities.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:55:55 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Michael Tremer
db3451fe72 suricata: Ship updated rule download script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 19:10:15 +01:00
Michael Tremer
933bfbf305 core132: Ship updated ovpnmain.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:52:16 +01:00
Erik Kapfer
ffcef39d40 tshark: New addon 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:44:04 +01:00
Arne Fitzenreiter
9961167a52 core132: add log.dat to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-20 07:14:12 +02:00
Michael Tremer
f809b8d5c7 core132: Ship updated apache configuration 
A reload would be sufficient.

I could not find why apache needs to be restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 20:30:13 +01:00
Michael Tremer
0aa21ad307 Fix version information in backupiso script 
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 19:52:27 +01:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00