Suricata does support re-reading it's configuration files and therfore
we need to restart it, if one or more ruleset files should be loaded or
not loaded anymore.
If simple some rules inside the same files are activated or deactivated
we are still fine to call the reload method to send suricata the signal
to reload its ruleset.
Fixes#12340.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
fcrontab -z fails on a freshly installed system since
/var/spool/cron is now owned by cron:cron and a temporary
file cannot be created.
This will have to be manually changed in the updater by
calling:
chown cron:cron /var/spool/cron
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html
"Notes for BIND 9.11.17
Feature Changes
The configure option --with-libxml2 now uses pkg-config to detect
libxml2 library availability. You will either have to install pkg-config
or specify the exact path where libxml2 has been installed on your
system. [GL #1635]
Bug Fixes
Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
OpenVPN) destinations was emitted to the internet (ppp0 or red0
interface) directly if the IPS was enabled but crashed during operation.
This patch places the IPSECBLOCK and OVPNBLOCK chains before the
ones responsible for forwarding traffic into the IPS.
Thanks to Michael for his debugging effort.
Partially fixes#12257
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
In order to keep configurations as small as possible and to make them
easier to read/audit, this patch omits all default configuration in the
OpenSSH server configuration file.
Further, it mentions where to refer for the full documentation.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since we are running unbound locally which always runs DNSSEC
validation, we can simply trust it and pass the ad flag on to
applications which make use of it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since IPsec routing information do not show up in the normal routing
table, also displaying the contents of table 220 on netother.cgi might
be useful for debugging purposes.
The second version of this patch omits the output if routing table 220
is empty and introduces a custom translation for IPsec routing table
entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Summary: smartmontools release 7.1
-----------------------------------------------------------
- smartctl: Fixed bogus exception on unknown form factor value (regression).
- smartctl '--json=cg': Suppresses extra spaces also in 'g' format.
- smartctl '-i': ATA ACS-4 and ACS-5 enhancements.
- smartd: No longer truncates very long device names in warning emails.
- smartd: No longer skips scheduled tests if system clock has been adjusted
to the past.
- smartd '-A': Attribute logs now use local time instead of UTC.
- ATA: Device type '-d jmb39x,N' for drives behind JMicron JMB39x RAID port
multipliers.
- SCSI: Workaround for incomplete Log subpages response from some SAS SSDs.
- HDD, SSD and USB additions to drive database.
- Autodetection of '-d sntjmicron' type for JMicron USB to NVMe bridges.
- configure: Defines '_FORTIFY_SOURCE=2' if supported and not defined.
- Linux/FreeBSD: Fixed segfault on CCISS transfer sizes > 512 bytes.
- Linux: Fixed smartd.service 'Type' if libsystemd-dev is not available.
- Linux: Fixed '/dev/megaraid_sas_ioctl_node' fd leak.
- Linux: Fixed GPL licensing problem of 'linux_nvme_ioctl.h'.
- FreeBSD update-smart-drivedb: Now uses 'fetch' as default download tool.
- FreeBSD big endian: Fixed NVMe access.
- FreeBSD: Compile fix for FreeBSD 12.
- NetBSD: Fixed device scan crash on empty name list.
- NetBSD: Fixed memory leak in device scan.
- Windows: Fixed log page access via Windows 10 NVMe driver for NVMe 1.2.1+.
- Windows: Allow drive letters as device names for Windows 10 NVMe driver.
- Windows: Workround to allow CSMI access to devices behind AMD RAID drivers.
- Windows: Fixed MinGW options to add relocation info if ASLR is enabled.
- Windows wtssendmsg: No longer writes '\n' line endings to event log.
- Windows wtssendmsg: New options '-t' and '-w'.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
