Commit Graph

7277 Commits

Author SHA1 Message Date
Arne Fitzenreiter
cce7aa9bb8 core143: add unbound initscript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-07 08:57:50 +00:00
Arne Fitzenreiter
e4013c9dab core143: add suricata http port changes
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-07 08:54:27 +00:00
Stefan Schantl
e698090e7f IDS: Dynamically generate and import the HTTP ports.
With this commit suricata reads the HTTP port declarations from a newly
introduced external file
(/var/ipfire/suricata/suricata-http-ports.yaml).

This file dynamically will be generated. HTTP ports always are the
default port "80" and "81" for update Accelerator and HTTP access to the
WUI. In case the Web-proxy is used, the configured proxy port and/or Transparent
Proxy port also will be declared as a HTTP port and written to that file.

In case one of the proxy ports will be changed, the HTTP port file will
be re-generated and suricata restarted if launched. Also if an old
backup with snort will be restored the convert script handles the
generation of the HTTP ports file.

Finally the suricata-generate-http-ports-file is a tiny script which
simply generates the http ports file and needs to be launched during the
installation of a core update. (The script will not be required
anymore, so it could be deleted afterwards.)

Fixes #12308.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-06 14:04:00 +00:00
Stefan Schantl
6084e66e70 suricata.yaml: Re-add EVE log section.
Hopefully the EVE log will display some more content when trying to
debug suricata events and rules.

Fixes #12315.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-06 14:03:26 +00:00
Arne Fitzenreiter
b563d5bd69 core143: add backup include and ids-functions
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-05 07:58:07 +00:00
Stefan Schantl
7b97359b99 IDS: Add GREEN and BLUE addresses to the list of DNS servers.
Fixes #12349.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-05 07:35:08 +00:00
Stefan Schantl
92206da35a Backup: Add idsrules tarball.
The tarball is required to generate and restore the IDS ruleset.

Fixes #12319.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-05 07:34:07 +00:00
Stefan Schantl
00a083aaf2 Backup: Add suricata rules-settings file.
This file contains the configured ruleset and oinkcode settings and
therefore needs to be backed up and restored.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-05 07:33:45 +00:00
Arne Fitzenreiter
2f8a33e182 suricata: increase dns flood trigger
On slow lines unbound triggers the flood protection at init.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-02 16:31:18 +00:00
Arne Fitzenreiter
0b0a3634cd core143: stop/start updated services
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-01 14:59:42 +00:00
Arne Fitzenreiter
55f4de214f core143: add suricata.yaml
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-01 14:50:47 +00:00
Stefan Schantl
d383248063 Suricata: Add port 81 (UpdateAccelerator) to group of HTTP ports.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-01 14:46:27 +00:00
Arne Fitzenreiter
006b79aaa9 core143: add ids.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-01 14:42:55 +00:00
Michael Tremer
2ff56df4e0 strongswan: Build sha3 plugin
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-04-01 14:40:39 +00:00
Arne Fitzenreiter
3c90dd92a5 core143: add dma, mail.cgi and vpnmain.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 19:13:08 +00:00
Arne Fitzenreiter
37533b0dea core143: apply changed sysctl settings
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 17:09:34 +00:00
Peter Müller
29a8992b72 sysctl.conf: Turn on hard- and symlink protection
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 17:07:26 +00:00
Arne Fitzenreiter
2d599cca34 core143: add oinkmaster.conf
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 16:43:50 +00:00
Stefan Schantl
1d84b352df oinkmaster: Do not skip threshold.conf
Fixes #12096.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 16:41:25 +00:00
Arne Fitzenreiter
2480c416d6 core143: set user of /var/spool/cron to cron
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 16:39:06 +00:00
Michael Tremer
e4a0b55881 fcron: Fix reloading crontab
fcrontab -z fails on a freshly installed system since
/var/spool/cron is now owned by cron:cron and a temporary
file cannot be created.

This will have to be manually changed in the updater by
calling:

  chown cron:cron /var/spool/cron

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-30 16:37:38 +00:00
Arne Fitzenreiter
5192ceae53 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
2020-03-29 06:35:21 +00:00
Arne Fitzenreiter
54e6ded417 smartmontools: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-29 06:34:18 +00:00
Matthias Fischer
454c77d4c4 bind: Update to 9.11.17
For details see:
https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html

"Notes for BIND 9.11.17

Feature Changes

The configure option --with-libxml2 now uses pkg-config to detect
libxml2 library availability. You will either have to install pkg-config
or specify the exact path where libxml2 has been installed on your
system. [GL #1635]

Bug Fixes

Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-28 18:38:24 +00:00
Arne Fitzenreiter
41ac6f547e Revert "core143: add dhcp"
This reverts commit 804deb1b23.
2020-03-28 09:42:20 +01:00
Arne Fitzenreiter
0b1f09d581 core143: update local openssh config
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 18:26:07 +00:00
Arne Fitzenreiter
9db0d4db5f core143: add backup.pl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 18:03:19 +00:00
Arne Fitzenreiter
5562f26f69 vnstat: remove wrong tag file
fixes #12305

I had created this tag file to ship the folder but vnstat doesn't like empty files.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:56:23 +00:00
Arne Fitzenreiter
5c1c9938eb core143: add firewall initscript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:50:26 +00:00
Arne Fitzenreiter
5d957b01c9 core143: add libtool
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:48:18 +00:00
Arne Fitzenreiter
804deb1b23 core143: add dhcp
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:46:05 +00:00
Arne Fitzenreiter
0167befa0a core143: add logwatch
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:44:08 +00:00
Arne Fitzenreiter
67345f5665 core143: add openssh
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:41:57 +00:00
Peter Müller
0017b688e8 ssh_config: Do not set defaults explicitly
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:40:52 +00:00
Peter Müller
57302eeb16 sshd_config: Do not set defaults explicitly
In order to keep configurations as small as possible and to make them
easier to read/audit, this patch omits all default configuration in the
OpenSSH server configuration file.

Further, it mentions where to refer for the full documentation.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:40:50 +00:00
Peter Müller
3fd3f4de44 OpenSSH: update to 8.2p1
Please refer to https://www.openssh.com/txt/release-8.2 for release
announcements. Since glibc < 2.31 is used, no additional patching was
required in order to restore correct login functionality.

Cc: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:40:06 +00:00
Arne Fitzenreiter
a48d35f3ff smartmontools: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 17:38:32 +00:00
Arne Fitzenreiter
f64ce4966b core143: add localnet initscript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 10:09:14 +00:00
Arne Fitzenreiter
ff9788d2d8 core143: netother.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 10:04:15 +00:00
Arne Fitzenreiter
2c0b745abb core143: add smartmontools
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 10:00:20 +00:00
Arne Fitzenreiter
87b18665c0 core143: add ovpnmain.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 09:45:17 +00:00
Matthias Fischer
a7e9342c18 ncurses: Update to 6.2
For details see:
https://invisible-island.net/ncurses/announce.html#h2-release-notes

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-26 09:42:12 +00:00
Arne Fitzenreiter
9145787719 core143: add xz
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-24 08:59:58 +00:00
Marcel Lorenz
3b891a2d90 xz: update to 5.2.5
2020-03-23 18:38:17 +00:00
Arne Fitzenreiter
0617c1ce82 core143: add coreutils
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-23 18:33:39 +00:00
Peter Müller
d519f1239f coreutils: update rootfiles
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-23 18:32:33 +00:00
Arne Fitzenreiter
4e412a00d3 core143: add glibc
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-22 19:10:46 +00:00
Michael Tremer
29cb9e478a glibc: Update to 2.31
Fixes: #12288
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-22 07:30:45 +00:00
Arne Fitzenreiter
6319c9315c core143: add hwdata
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-21 16:30:15 +00:00
Arne Fitzenreiter
06b809b314 core143: add strongswan
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-03-21 16:28:04 +00:00