Fix for Bug 12445: There is no proper way to distinguish between MS Azure and a local
Hyper-V installation Procedure: try to get the metadata info from the
internal MS metadata service at IP 169.254.169.254 If this fails the system
is running on an local Hyper-V instance wget takes too long to exit if the IP
is not reachable Added --timeout and --tries param to wget to reduce the
duation from 8 minutes to 9 seconds 9 seconds at one try should be enough
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Thomas Cekal <admin@cekal.org>
"wireless extensions" is the old interface to speak to the kernel.
All newer drivers support nl80211 now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSH init script only kills the main daemon which leads to any child
processes (for remaining connections) being untouched.
killproc returns 4 (unknown error) when not all processes were killed
which is not intended here. Therefore we ignore the error and do not
pause the shut down process for a minute.
Fixes: #12544
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Newer kernels seem to return this in lowercase format which makes the
comparison to "EC2" fail.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bacula install used the bacula initscript for starting and stopping bacula.
This works fine but results in no pid or memory input in the addons table
under services.
Using the IPFire initscript also successfully starts and stops bacula with
no problems but also provides the pid and memory information in the services
addons table.
- rootfiles adjusted to remove the reference to bacula-ctl-fd
- lfs/bacula adjusted to remove the init.d/bacula link generation
remove the "rm -f /root/.rnd" command. This file is not present
and I have not seen this command in any other lfs file that I
have looked at.
- new bacula initscript created
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When safe search is enabled, it is being enabled on YouTube, too.
This creates problems in some scenarios like schools where politics
is being tought as well as other subjects that might be censored by
YouTube (i.e. election TV spots).
Therefore it is now possible to exclude YouTube from Safe Search
but keep it enabled for the search engines.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSH daemon was not terminated properly because killproc
tried to terminate all processes with that name. That caused
that the master daemon respawned some processed which were
therefore not killed because killproc determined a list of
PIDs only once before starting sending signals.
This patch only kills the master process which is being
determined by using sshd's pid file.
That results in all established connections not being
interrupted any more.
Furthermore, the loadproc function checks if any processes
with the given name are already running which could be true
if there are any connections still open.
That check is being disabled with the -f switch and sshd
will always be launched.
"/etc/init.d/sshd stop" might now print FAIL if only the
master process, but no connection processes were terminated.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.
However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.
Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The whole hostname was used as domain name because there
was no . in it where the string could have been split.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
If this module is not being loaded, the kernel will mark any
GRE connection as INVALID in connection tracking, which will
be then silently dropped by a firewall rule.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
AWS supports jumbo-frames which IPFire can take advantage of
to increase network throughput internally.
The MTU for RED was left as 1500 to avoid packet fragmentation
in the cloud network and have IPFire do that job.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since more processes depend on good randomness, we need to
make sure that the kernel's PRNG is initialized as early as
possible.
For systems without a HWRNG, we will need to fall back to our
noisy loop and wait until we have enough randomness.
This patch also removes saving and restoring the seed. This
is no longer useful because the kernel's PRNG only takes any
input after it has successfully been seeded from other sources.
Hence adding this seed does not increase its randomness.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the mame of main.cvd has changed to main.cld on my system.
Add both types and also ad bytecode.c?d
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
