webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 09:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,647 Commits 2 Branches 1 Tag
cf9efe511a403f9dba38340bf9c89bc1d30776f5
Commit Graph

317 Commits

Author SHA1 Message Date
Michael Tremer
cf9efe511a misc-progs: addonctrl: Sanitise add-on names before use 
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
db984059b2 misc-progs: Add functions to sanitise input arguments 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
6733d973d6 misc-progs: pakfire: Use new run() function 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
c33f477f5b misc-progs: backupctrl: Use new run() function 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
ca060524a7 misc-progs: Introduce run() 
This function invokes a new command similar to safe_system()
but without launching a shell before.

That way, it is possible to execute commands without any risk
of shell command injection from nobody.

Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
d9f9f16366 Drop launch-ether-wake 
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).

Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-27 21:06:57 +00:00
Michael Tremer
1a886f57d8 misc-progs: ipfirereboot: Remove unused cron functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:50:40 +00:00
Michael Tremer
81790c8a00 misc-progs: Set some defaults for CONFIG_ROOT and SNAME 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:50:19 +00:00
Michael Tremer
1a79ef8e43 misc-progs: Drop unused upnpctrl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:50:07 +00:00
Michael Tremer
f0c39f1739 misc-progs: Drop unused updxsetperms 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:48:44 +00:00
Michael Tremer
7908de2a95 misc-progs: Drop unused ipfiredeath & ipfirerebirth 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:48:39 +00:00
Michael Tremer
5cef36ccb1 misc-progs: Drop unused applejuicectrl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-01-06 14:48:34 +00:00
Peter Müller
fe0984e07b sshctrl: when enable or disable AllowTcpForwarding, change PermitOpen accordingly 
Fixes: #12546

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-12-21 21:33:15 +00:00
Michael Tremer
36bcdbf7e4 samba: Refactor user management 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:19 +01:00
Michael Tremer
1c14930212 samba: Always show printer options 
Samba is always linked against CUPS and therefore there is
no way to disable printing anyways.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
5aa5f6777a samba: Remove reset options 
This only requires that we have to change multiple files with
the same settings.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
e0be282c09 sambactrl: Remove unused reset command 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
b67f02d512 /var/ipfire/ethernet/settings: Drop BROADCAST variable 
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.

However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.

Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 11:46:46 +00:00
Michael Tremer
b45faf9e70 IPsec: Bring down connections after reloading configuration 
It could happen that the remote peer re-established the connection
before "ipsec reload" removed it from the daemon.

Now, we write the configuration files first, reload them
and then bring down any connections that are still established.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:36:38 +00:00
Stefan Schantl
bdb1f38a07 unboundctrl: Add support for calling reload. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-11 19:35:24 +01:00
Michael Tremer
5e39f3c08a sshctrl: Fix syntax of generated sed command 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 23:22:14 +01:00
Peter Müller
f9de28e6f0 change AllowAgentForwarding in SSHD configuration if, necessary 
Fixes #11931

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Michael Tremer
01604708c3 Merge remote-tracking branch 'stevee/next-suricata' into next 2019-03-14 13:19:35 +00:00
Michael Tremer
3446a17293 ipsecctrl: Call ipsec-interfaces script when turning up/shutting down connections 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
b89ae1a4e3 ipsecctrl: Don't wait when a connection is to be started 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
6cf8bc9161 IPsec: Move opening ports from ipsecctrl into ipsec-policy script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Michael Tremer
6c920b19cd IPsec: Rename ipsec-block script to ipsec-policy 
This is a more general name for a script that will be extended
soon to do more than just add blocking rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Stefan Schantl
6ce504a2f2 suricatactrl: Add "cron" command 
This command allows to enable the automatic update
of the used IDS ruleset and to specify the update interval.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-09-26 13:54:14 +02:00
Stefan Schantl
21cab141ec suricata: Rule files are now located in /var/lib/suricata 
Place the rulefiles from now in "/var/lib/suricata".

Fixes #11834

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-29 12:37:44 +02:00
Stefan Schantl
e568796bb0 ids-functions.pl: Also check and fix the permissions of rulespath 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-25 15:48:58 +02:00
Stefan Schantl
68123effb8 suricatactrl: Add fix-rules-dir command 
This command is used to set the ownership and permissions
back to nobody:nobdoy which is used by the WUI to write the
ruleset.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 14:54:34 +02:00
Stefan Schantl
9074853d8d suricatactrl: Add reload command 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-24 14:27:01 +02:00
Stefan Schantl
74b7d695c6 misc-progs: Rename snortctrl to suricatactrl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2018-08-03 09:50:31 +02:00
Michael Tremer
a3452c9030 ipsec: Open ports in outgoing direction 
When the firewall policy is blocked, no outgoing IPsec connections
can be established. That is slightly counter-intuitive since we
open ports in the incoming direction automatically.

Fixes: #11704

Reported-by: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-24 10:47:16 +01:00
Stephan Feddersen via Development
a25c95b3a0 WIO: Update to Version 1.3.2 several changes in many files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-09 15:39:48 +00:00
Michael Tremer
3925a0db6c syslogdctrl: Fix sed syntax issues 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-30 20:54:46 +00:00
Michael Tremer
1e7b718cd4 syslogdctrl: Fix compiler error and SEGV 
Fixes #11574

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-20 14:51:40 +00:00
Michael Tremer
07e63f6d2a Revert "misc-progs: syslogdctrl: Fix data type of protocol variable" 
This reverts commit b269686f88.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-20 14:45:10 +00:00
Michael Tremer
b269686f88 misc-progs: syslogdctrl: Fix data type of protocol variable 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-30 14:36:28 +00:00
Peter Müller
cbd1f0e719 allow remote syslog via TCP in syslogdctrl.c 
Make syslogctrl.c use TCP as remote logging file if specified so.

Thanks to Michael for reviewing this.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:45:52 +00:00
Michael Tremer
9c83954567 captivectrl: Remove unused code 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:06:45 +02:00
Michael Tremer
5511fa319a captive: Fix another typo in captivectrl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
abc41f02dd captive: Do not generally allow access to TCP/1013 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
fb1d26d1bc captivectrl: Add protection against DNS tunnels 
Limit the amount of DNS traffic for each client that
has not registered, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
76ece32362 captivectrl: Skip all lines that start with # 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
cec16b8242 captivectrl: Move sure that the settings are always initialised 
This just removes a compiler warning.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
5906c96206 wirelessctrl: Disable MAC filter on blue if captive portal is enabled 
Fixes #11038

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
0d6a599aba captivectrl: Add missing space character 
The iptables argument list was botched. Oops. Sorry.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
0c24f0a9df captivectrl: Support unlimited leases 
When the expiry time equals zero, the lease will have
no time constraints. The IP address will also be removed
as it might probably change.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
5fbeaf1333 captivectrl: Allow empty IP addresses 
Probably required for very long leases

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:03 +01:00