Stefan Schantl
6ce504a2f2
suricatactrl: Add "cron" command
...
This command allows enabling the automatic update
of the used IDS ruleset and specifying the update interval.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-09-26 13:54:14 +02:00
Arne Fitzenreiter
4eedf6793b
rebuild-initrd: update for grub2
...
This was not used for years because we usually ship a prebuilt ramdisk,
so this incompatibility was not noticed for a long time...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-09-20 20:03:26 +02:00
Matthias Fischer
74189c1d55
openssh: Update to 7.8p1
...
For details see:
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
I didn't find an official lfs-patch for openssl-1.1-compatibility,
so I used the patch from here:
https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh
Building ran without any errors.
I tested with both machines (test on Core 120 - and productive - on Core 122) and found no errors so far:
...
[root@ipfiretest ~]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018
...
...
root@ipfire: / # ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018
...
All ssh-connections ran fine but I'm not REALLY sure if this is sufficient for anyone else.
Could someone please check and confirm!?
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-09-20 14:51:44 +01:00
Michael Tremer
b8fdc7398c
static-routes: Make it clear that we are reloading routes
...
When RED is brought down, we will reload all static routes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-09-13 15:03:59 +01:00
Michael Tremer
fd0a0384f0
rng-tools: Update to 6.4
...
Also add a patch that keeps RDRAND enabled on i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #11853
2018-09-09 17:42:17 +01:00
Michael Tremer
3da2a66193
aws: Don't update the system on first boot
...
This will violate AWS policy and therefore had to be removed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-31 11:08:53 +01:00
Stefan Schantl
21cab141ec
suricata: Rule files are now located in /var/lib/suricata
...
Place the rulefiles from now on in "/var/lib/suricata".
Fixes #11834
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-29 12:37:44 +02:00
Michael Tremer
06d55142e5
pakfire: Remove any reference to counter.py
...
The concept has been retired a very long time ago
and the web service only responds with 200 whatever
it is being sent.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-27 07:29:19 +01:00
Michael Tremer
e32591e7bf
pakfire: Remove mirror health check
...
This is not really necessary because pakfire will automatically
failover to the next mirror anyways and that a mirror responds
to an ICMP echo request doesn't necessarily mean that it can
deliver the requested file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-27 07:23:03 +01:00
Stefan Schantl
e568796bb0
ids-functions.pl: Also check and fix the permissions of rulespath
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-25 15:48:58 +02:00
Stefan Schantl
68123effb8
suricatactrl: Add fix-rules-dir command
...
This command is used to set the ownership and permissions
back to nobody:nobody which is used by the WUI to write the
ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-24 14:54:34 +02:00
Stefan Schantl
9074853d8d
suricatactrl: Add reload command
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-24 14:27:01 +02:00
Stefan Schantl
5f63067385
suricata: Fix initscript when using a single core machine
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-24 10:04:33 +02:00
Michael Tremer
366b40c740
setup: Don't write any mount errors over the GUI
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-23 11:17:23 +01:00
Michael Tremer
95b87f39ac
localnet: Set FQDN without using domainname command
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-23 10:18:59 +01:00
Stefan Schantl
cb52183c6a
Fix merge conflicts during merge of next and the suricata branch
2018-08-23 10:34:17 +02:00
Michael Tremer
84cd9b9162
Drop the network-trigger script
...
This is done at boot time and doesn't normally need to be done again.
On AWS or in the setup, renaming any network interfaces is being
handled automatically.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-22 14:05:43 +01:00
Michael Tremer
f3d59d2c94
firstsetup: There is no need to restart udev here
...
All network interfaces are renamed accordingly in setup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-22 14:02:43 +01:00
Michael Tremer
c5465a9453
aws: Let udev rename all network interfaces
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-22 14:00:39 +01:00
Stefan Schantl
55658ee381
suricata: Fix detection of enabled IDS on zone in initscript
...
I accidentally committed the wrong file in the previous commit.
This is the fixed and working version.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-17 08:45:47 +02:00
Stefan Schantl
00a031145e
suricata: Give 644 permissions to the suricata pidfile
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-17 08:24:19 +02:00
Stefan Schantl
3c2c54831f
suricata: Add code to create iptables rules to the initscript
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-16 18:51:13 +02:00
Stefan Schantl
7c82ee6165
firewall: Add chains for IPS (suricata)
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-16 18:50:39 +02:00
Michael Tremer
046ef135e6
Merge remote-tracking branch 'origin/efi' into next
2018-08-16 12:49:13 +01:00
Michael Tremer
242cfc3395
localnet: Properly format and quote variables
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-16 12:42:25 +01:00
Michael Tremer
5b9f387d59
localnet: Correctly set domain name
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-16 12:41:52 +01:00
Michael Tremer
96422f85b6
aws: Hide pakfire update output
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
40436fa149
aws: Write user-data log to file only
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
281d75c945
aws: Execute reboot when an update requires one
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
3eeff87fe6
Fix typo in unbound initscript
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
9ae73c3090
aws: Set PATH to search in /usr/local/(s)bin
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
6cf586436b
aws: Import pakfire keys before the first launch
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
bd7d957fae
aws: Log output of user-data script to /root/user-data.log
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 11:51:53 +01:00
Michael Tremer
0ed9b77099
aws: Install all available updates first
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 10:11:08 +01:00
Michael Tremer
647ca912a2
aws: Setup DNS during init phase
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-15 10:10:13 +01:00
Michael Tremer
8defa50e73
aws: Execute user-data script while we have networking up
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-13 12:14:49 +01:00
Stefan Schantl
6187da5055
IDS: Add reload option to initscript
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-11 22:28:07 +02:00
Michael Tremer
467581b8ab
avahi: Update to 0.7
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-10 11:19:25 +01:00
Michael Tremer
6064cd87cc
Revert "avahi: Drop package"
...
This reverts commit aa6ee515c5.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-10 11:11:48 +01:00
Arne Fitzenreiter
7529349754
kernel: apu2 leds: update string for newer bios
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-08-05 17:19:52 +02:00
Arne Fitzenreiter
b403b04a13
initrd: add early microcode load
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-08-05 13:32:36 +02:00
Arne Fitzenreiter
79bcc6f769
collectd: fix cpufreq plugin enable
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-08-03 16:13:12 +02:00
Michael Tremer
f32cbd89d9
backup: Bump release number in ISO download script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-08-03 13:07:31 +01:00
Stefan Schantl
843a8c570c
snort: Drop package
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-03 10:19:35 +02:00
Stefan Schantl
74b7d695c6
misc-progs: Rename snortctrl to suricatactrl
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-03 09:50:31 +02:00
Stefan Schantl
d72b3e64c2
suricata: Introduce basic initscript
...
Add a very basic initscript, which currently allows starting/stopping/restarting suricata and
checking if the daemon is running.
When starting suricata, the script will detect how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as many queues as CPU cores are
detected.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2018-08-02 19:54:22 +02:00
Michael Tremer
87589bce00
backup: Make backup ISO bootable on EFI
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-07-31 16:36:09 +01:00
Michael Tremer
0cf70cae66
aws: Disable SSH password authentication by default
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-07-30 16:54:50 +01:00
Matthias Fischer
51099ddfd7
squid: Update to 3.5.28
...
For details see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-07-26 14:38:57 +01:00
Michael Tremer
4e4c122c58
aws: Add support for a script that can be executed at first boot
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-07-20 16:19:46 +01:00