This function simply returns an array of all used nameservers.
It also takes care of whether the usage of ISP assigned nameservers
is enabled or not and whether user-added nameservers are enabled or not.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.
Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.
Thanks to Michael for his debugging effort.
Fixes #12260
Partially fixes #12257
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This function is used to generate a yaml file which takes care of the
currently used DNS configuration and should be included in the main
suricata config file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Using IPFire's Mailservice does not allow entering a sender's mail address with the underscore.
The function used to verify that is used from general-functions.pl.
Now the function 'validemail' allows the underscore in the address.
Fixes: #12070
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Directly implement the logic to determine the used ruleset and if
IDS or IPS mode should be used into the function instead of passing those
details as arguments.
This helps to prevent doing this stuff at several places again and again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In IPS mode rules need to have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' where this is appropriate. Also add
a script to be run on update to correct existing downloaded rules.
Fixes #12086
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds a new CGI file which allows users to edit the
VLAN configuration as well as configuring zones as bridges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The output was written to stderr before and landed in apache's
error log where we do not want it.
Fixes: #12004
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This accidentally dropped all lines that include #. That resulted
in colour codes not being loaded from file any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will allow scanning the traffic from an EXTERNAL_NET to the HOME_NET and from
the HOME_NET to the EXTERNAL_NET.
Reference: 10273
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Using this feature to fetch the size of the requested tarball is not allowed by these
servers, so skip this feature for their rulesets.
Fixes #11987
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The Sourcefire web servers do not support the HEAD request so we have to do
this with a GET here.
Fixes #11987
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This subfunction is used to get all configured and enabled aliases
for the RED network zone. They will be returned as an array.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to change the ownership of a given file
or directory to the user "nobody" and the group "nobody", which is
used by the WUI.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Enhancing the code to fix the lookup will rapidly slow down the lookup speed. Because using
the GeoIP2 module is no option (the reasons have been described in the commit message which will
now be reverted), we have decided to temporarily switch back to the old module until a nice solution has
been found.
This reverts commit ff21ff90d2.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function is used to get all available GeoIP locations.
The function returns them as an array, sorted in alphabetical order.
Reference #11959
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Drop the usage of the old legacy GeoIP perl module which was not able to handle the
new GeoLite2 databases.
Write some code to directly access the databases and extract the required data.
Usage of the GeoIP2 perl module would provide a lot more functionality which is not
used/needed. Unfortunately it requires a lot of additional perl modules which are
not available on IPFire and would only be built and shipped for this module. Building all
of them will slow down the entire build process, mess up the system and require a lot
more space on disk.
Fixes #11962.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In commit ea5c8eeb83 the taken settings
for the ruleset have been stored into their own file.
The Downloader now uses this file to read-in which ruleset should be used
and downloaded.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
I added a function to determine the number of cores.
Now the number of squid processes will be equal to the number of logical cores.
Further I removed the possibility of changing the number
of squid processes in the proxy.cgi
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: root <root@ipfire.test>
The get_suricata_version() function is used to get the version
of suricata installed on the system. You can
specify how detailed the returned result should be: "major" will
return only the major version, whereas "minor" will provide the major
and minor version (1.2 for example). All other calls will be answered
with the full version string (1.2.3).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to write the corresponding file which
tells oinkmaster to alter the whole ruleset and finally
switches suricata into an IPS or IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Download the requested rules tarball into a temporary file
and if everything is fine, replace the old by the
downloaded one.
In addition to the previously implemented file size check,
we are saved now from a corrupt rules tarball on disk.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The downloader now requests the html header for the rules tarball
and obtains the size of the file before downloading it.
After success the size of the downloaded file will be compared with
the requested one before. If they do not match, an error will be gained.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Use a directory listing and delete the files.
* Keep files with "config" as file extension.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This private function is used to remove any files which are stored in the
IDS rules directory and to prevent any old (unneeded or conflicting) files
after an update or complete change of the ruleset source.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>