If the ruleset source has been changed, it has to be configured again.
This happens because of different rule categories, filenames rule ID's etc.
In case suricata currently is running it has to be stopped and after the configuration
has been done by the user, it can be launched again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Fix the if statement to detect wheater the ruleset has been
changed and automatically download the new one.
Fixes#11984.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Dynamically (Java Script) show/hide the area for entering the
subscription code / oinkcode based on the choosen ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This information is only valid for sourcefire (snort) rulesets, may
confuse users and therefore should be handled in the wiki.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This is potentially dangerous to set larger than zero.
Authentication is perfomed on basis of IP addresses which is
not a good idea at all.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is the authentication againt NT 4.0 style domain controllers.
squid has dropped support for this in the 4.5 release and nobody
should be using these old domain controllers any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I added a function to determine the number of cores.
Now the number of squid processes will be equal to the number of logical cores.
Further I removed the possibility of changing the number
of squid processes in the proxy.cgi
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: root <root@ipfire.test>
Fixes#11904
Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.
index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function is used to write the corresponding file which
tells oinkmaster to alter the whole ruleset and finally
switches suricata into an IPS or IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This hack is needed because "red" is used as "internet" in the language files
and "red1" contains the correct "red" translations.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now each of both have their own corresponding configuration areas.
The taken settings will be saved in "/var/ipfire/suricata/settings" for
all IDS/IPS related settings and in "/var/ipfire/suricata/rules-settings" for
ruleset related settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
I do not know why I forgot this. Now it is how it was intended
in the first place.
This commit removes all email addresses because people keep
emailing me for private support. Use the forum guys!
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
