Commit Graph

13140 Commits

Author SHA1 Message Date
Stefan Schantl
b60fd7a3e2 Core 130: Remove files after convert-snort has been launched
The converter requires /etc/snort/snort.conf to grab the used rule files
(categories). After all settings have been converted, we are fine to delete all
snort related files, because none of them is needed anymore.

Also the /var/ipfire/snort directory needs to be deleted. If it will be left on the
system and at any later time a backup will get restored, the converter will be
started by the backup script, because it detects that a snort settings dir exists
and would restore the old snort settings and replace all current IPS settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 21:22:50 +00:00
Michael Tremer
ceaf0ef008 dnsforward.cgi: Add DNSSEC option to legend
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-18 17:26:16 +00:00
Michael Tremer
08ded6035f dnsforward.cgi: Check DISABLE_DNSSEC checkbox when editing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-18 15:36:04 +00:00
Michael Tremer
3b521c724f ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-18 15:25:48 +00:00
Michael Tremer
57521504a8 hostapd: Bump package version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:34:19 +00:00
Peter Müller
5b4464a944 hostapd: make client isolation configurable via WebUI
hostapd supports client-isolation, but this feature could
not be configured via the WebUI so far. Since it might be
desired in public wireless networks, or even private ones,
it makes sense to provide a radio button to let the user
decide on.

Fixes #11974.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:34:06 +00:00
Peter Müller
a10b0e5b44 ensure Tor daemon files have correct permissions
Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless of whether Tor user has been created before
or not.

This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.

Further, a comment for new Tor user in /etc/passwd has been added.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:32:57 +00:00
Michael Tremer
a46903cce3 core130: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:32:10 +00:00
Matthias Fischer
6f8b156bf0 unbound: Update to 1.9.1
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-March/011415.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:31:29 +00:00
Michael Tremer
2c703afc04 core130: Ship updated ntp
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:30:22 +00:00
Matthias Fischer
f81c222519 ntp: Update to 4.2.8p13
For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:28:58 +00:00
Stefan Schantl
728f3d2e8f suricata: Fix ownership and file permissions of files inside /var/lib/suricata.
These files need to have nobody.nobody as owner but require read access from everyone
to allow the suricata user to read in these files during startup.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:28:30 +00:00
Stefan Schantl
7bf5b0f221 logs.cgi/ids.dat: Fixup processing dates from logfiles which contains a year
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:27:55 +00:00
Michael Tremer
e1d9148b61 Fix python3-yaml rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 10:00:19 +00:00
Stefan Schantl
9c4477d0f3 core130: Fix another error in rootfile
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-15 14:36:15 +00:00
Michael Tremer
03f68cbca9 core130: Fix errors in rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-15 13:20:23 +00:00
Michael Tremer
710afa00c6 Update IPS translation
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 17:18:21 +00:00
Michael Tremer
acb718b0bb nut: Disable parallel build
nut just fails to build when running in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 14:01:45 +00:00
Michael Tremer
f9219b91a1 core130: Ship suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:48:25 +00:00
Michael Tremer
3bc001dbf9 Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:20:56 +00:00
Michael Tremer
cdfbdd1ada Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:20:22 +00:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
c578cbd35f core130: Ship updated firewall script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:16:33 +00:00
Peter Müller
5fc5f70347 add IPtables chain for outgoing Tor traffic
If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.

Therefore, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.

Partially fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:38 +00:00
Peter Müller
4680d554fc run Tor under dedicated user
This allows more fine-granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:18 +00:00
Michael Tremer
b450e7e3e6 Start Core Update 130
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-14 13:15:03 +00:00
Stefan Schantl
e776d33c70 suricata: Fix amount of listened nfqueues
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-13 12:14:30 +01:00
Peter Müller
4fc1a0045b amavisd: update to 2.11.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Peter Müller
867151a8b2 Postfix: update to 3.4.3
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Michael Tremer
5ea26096ca installer: Set the clock correctly when installing over network
If a system has a not very up to date clock, downloading files
over HTTPS is impossible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-13 09:35:07 +00:00
Arne Fitzenreiter
9deeda77b6 core129: finish update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:18:52 +01:00
Arne Fitzenreiter
668119063c u-boot: try to boot without ramdisk if the system cannot load it
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:17:28 +01:00
Arne Fitzenreiter
eaf004a468 knot: update to 2.8.0 and build/install only kdig
This fixes compile errors on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:06:23 +01:00
Arne Fitzenreiter
b57220aacd groff: update to 1.22.4
This fixes compile problems on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 15:04:40 +01:00
Stefan Schantl
e8b1b397c1 suricata: Remove unneeded stuff during build
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-13 10:03:48 +01:00
Arne Fitzenreiter
c448474fc7 Revert "kernel: cleanup unused rpi patch"
This reverts commit a2d49659f3.

The patch is still needed to prevent strange crashes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-03-13 09:39:07 +01:00
Michael Tremer
beac548962 Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 15:58:45 +00:00
Michael Tremer
e26e86dcaa core129: Ship updated dnsforward.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 15:58:04 +00:00
Michael Tremer
56947acb12 Merge remote-tracking branch 'ms/dns-forwarding' into next 2019-03-11 15:57:15 +00:00
Michael Tremer
f1042a5d44 core129: Ship updated dhcp.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:54:19 +00:00
Michael Tremer
8288c0394b Merge remote-tracking branch 'ms/dhcp' into next 2019-03-11 09:53:56 +00:00
Peter Müller
04f9321955 Tor WebUI: drop relay bandwidth options < 1 MBit/s
Tor requires at least 1 MBit/s in order to participate.

Fixes #12001

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:52:54 +00:00
Michael Tremer
199db95a70 dnsdist: Limit to fewer concurrent build processes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-11 09:38:56 +00:00
Michael Tremer
61424e9c67 core129: Ship updated less
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:23:22 +00:00
Peter Müller
9f7524c8b0 less: update to 530
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:53 +00:00
Peter Müller
e29c6d29c9 Postfix: update to 3.4.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:39 +00:00
Matthias Fischer
15b1a3e360 slang: revert parallelized build
This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=217e74c77317d4c829913f934458779fd278bf29;hb=23164efba5f57b3d8ccb07a166b613f2f951e1b6

'slang 2.3.0' doesn't like "$(MAKETUNING)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-10 18:22:21 +00:00
Stefan Schantl
f717b1dc55 IDS: Set owner of suricata logging directory to correct user
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:52:40 +01:00
Stefan Schantl
fd378b3b08 Rename snort user and group to suricata
This only affects new installations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:50:37 +01:00
Michael Tremer
38081b8be1 suricata: Run as non-root user
This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2019-03-10 18:02:39 +01:00