If a single sid has been activated and then disabled without doing
any other ruleset modifications only one of the oinkmaster files
for enabled / disabled rules has been modified.
In this case it was possible, that the same sid, was part of the
file for enabled rules and part of the file for disabled rules at the
same time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The enabled rulefiles (rule categories) now will be added
to an own file, which will be included by the snort main config
file.
This will allow us to update snort and push the new main config file
without loosing the activated rulesets anymore.
* Introducing snort-used-rulefiles.conf
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Drop a lot of unused variables and code.
* Re-ordering some code parts.
* Add a lot of comments.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The manually enabled or disabled rules by the user now will be written
to own config files, which will be used by oinkmaster to keep these rules
in the same state after a rules update has been performed.
In short words, if you adjust your ruleset, the changes will not be lost
again if you perform an update of your ruleset.
* Grabbing and storing the cgi values now in an own hash (%cgiparams)
* Introducing oinkmaster config files for enabled and disabled rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The complete ruleset will be grouped as categories by it's
corresponding rulefile and printed in hidden tables.
They easiely can be displayed by klicking on the show link and
vice-versa.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the code for reading and parsing the snort rule files
into an own subfunction.
* Drop code for reading in and modifying the snort main config file.
* Rework code for parsing and adding the snort rules to the snortrules hash.
* Drop code for gathering a description for the rule files, which does not
because of a file layout change and sadly there is not suitable description
shipped anymore by the snort team.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the function for doing the page refresh stuff to the end of the file and
do some layout changes for better reading the code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Use pure perl for getting the filelist of available
rule files instead of using a sub-shell and unix commands.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Asterisk enables -march=native which renders the code
incompatible to most systems.
Fixes: #11793
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This gets in the way for authoring the CD and we will
never have any other kernels but the main one.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There was loads of duplicated code which could have been
made shorter by adding one variable.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
sshctrl calls sshd directly which won't work at time of the first boot
because no keys will be generated.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Amazon does not permit that a user logs in as root directly.
Instead they insist on using sudo.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes includes:
Own crypto warning and error message in WUI (can be extended to configuration too).
Check if DH-parameter is < 2048 bit with an error message and howto fix it.
Check if md5 is still in use with an error message and suggestion how to proceed further to fix it.
Check for soon needed RFC3280 TLS rules compliants and suggestion how to proceed further to fix it.
Disabled 1024 bit DH-parameter upload.
Changed de and en language files for DH-parameter upload (deleted 1024 bit).
Added explanations to de and en language files for the above changes.
Fixed Typo in en language file.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
