Commit Graph

18423 Commits

Author SHA1 Message Date
Stefan Schantl
eaf5364413 ids.cgi: Disable manual update button if a provider is no longer
supported.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-17 15:21:20 +02:00
Stefan Schantl
6bef05b9ed ids.cgi: Properly handle providers which are no longer supported.
They will be shown with a different background colour to get the user's
attention.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-17 15:03:56 +02:00
Stefan Schantl
7c4b8df716 update-ids-ruleset: Skip unsupported providers.
In case a configured provider is no longer supported, simply skip it
and do not try to perform an update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-17 15:02:41 +02:00
Stefan Schantl
da5c7c24f0 ids.cgi: Remove orphaned headline.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 16:02:28 +02:00
Stefan Schantl
b3dbe9ef64 backup.pl: Run convert-ids-backend-files converter.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:57:34 +02:00
Stefan Schantl
7bc15b982c backup: Add files for new IDS backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:54:44 +02:00
Stefan Schantl
f7eedacb43 convert-ids-backend-files: Restart suricata if the IDS is running.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:51:06 +02:00
Stefan Schantl
5bad33e9a4 ids.cgi: Display return code on download error, when adding a new
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:32:27 +02:00
Stefan Schantl
00271ed769 ids.cgi: Handle "Not modified" when forcing a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:30:03 +02:00
Stefan Schantl
b645f7fc86 ids.cgi: No longer use hard-coded status messages in
oinkmaster_web() function.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:12:58 +02:00
Stefan Schantl
93af000b8b oinkmaster: Drop package.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:54:11 +02:00
Stefan Schantl
d2bf4d377f suricata: Rootfile update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:51:48 +02:00
Stefan Schantl
0d99255c06 suricata: Create empty threshold.config file.
The file is referenced in the suricata config file and if not
present some ugly warnings will be displayed/logged during startup.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:49:52 +02:00
Stefan Schantl
d44d4ccf34 suricata: Create directory to store the downloaded ruleset files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:48:35 +02:00
Stefan Schantl
b75baeff28 suricata: No longer install YAML file for default rules.
This file got obsolete, because its content will be generated
dynamically by the backend code.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:42:22 +02:00
Stefan Schantl
2e558477da convert-ids-backend-files: Convert MONITOR_TRAFFIC_ONLY settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 14:39:09 +02:00
Stefan Schantl
a2c56ead73 ids-functions.pl: Remove read_enabled_disabled_sids_file() function.
No longer needed and therefore dead code.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 06:02:49 +02:00
Stefan Schantl
a15c9b16b4 IDS: Move autoupdate logic to cron.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:59:33 +02:00
Stefan Schantl
c2eac6fcd4 convert-ids-backend-files: Move already downloaded files to new
location.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:52:01 +02:00
Stefan Schantl
b570d35c0a ids-functions.pl: Change location for downloaded rulesfiles to
"/var/cache/suricata/".

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:19:20 +02:00
Stefan Schantl
4f513522fe ids-functions.pl: Do not use a hard-coded temporary download location.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:18:37 +02:00
Stefan Schantl
c215cfd887 convert-ids-backend-files: Remove old backend related files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:13:23 +02:00
Stefan Schantl
70b1672d94 convert-ids-backend-files: Remove converted files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:12:56 +02:00
Stefan Schantl
9f7702544a convert-ids-backend-files: Regenerate ruleset and used rulesets file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:10:45 +02:00
Stefan Schantl
c00609ce56 convert-ids-backend-files: Successor of the
convert-ids-modifications-files converter.

This converter also will convert the used rulesfiles file for the
providers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-14 06:18:56 +02:00
Stefan Schantl
2f154264a0 ids.cgi: Regenerate ruleset if the ruleset action (mode) of a provider
gets changed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-14 05:16:25 +02:00
Stefan Schantl
39b5adb940 update-ids-ruleset: Only regenerate and reload ruleset on at least one
successful update.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-11 05:57:05 +02:00
Stefan Schantl
990d111d70 ids-functions.pl: Add support for Etags.
Etags are used to identify if a resource has been changed
by sending a special request and an Etag value to the server.

If the resource has changed, the server will serve the new content,
otherwise it will return the 304 (Not-Modified) code.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-11 05:48:17 +02:00
Stefan Schantl
149a3291df ids.cgi: Do not double display a working notice when removing a ruleset
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-11 05:47:15 +02:00
Stefan Schantl
faa8c62f63 ids.cgi: Use new oinkmaster_web function instead of the silent one from
ids-functions.

This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:25:36 +02:00
Stefan Schantl
44d41fd692 ids.cgi: Add oinkmaster_web () function.
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:23:49 +02:00
Stefan Schantl
1aaa347774 ids.cgi: Allow to split working_notice function into two parts.
This allows to open the notice and close it at a later time.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:19:41 +02:00
Stefan Schantl
25652a75d4 ids.cgi: Keep IDS/IPS mode settings when enabling/disabling a provider
or autoupdate for it.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:17:05 +02:00
Stefan Schantl
30c4a9ff35 ids.cgi: Adjust code to use new used-rulesfiles backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-09 15:00:21 +02:00
Stefan Schantl
8d6714edc8 ids-functions.pl: Change backend to use one file to load the used
rulefiles.

Suricata seems to struggle when using multiple and/or nested includes in
the same config section. This results in an only partially loaded
configuration where not all rulefiles are loaded and used.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-09 14:10:13 +02:00
Stefan Schantl
fa7663a1b5 ids.cgi: Remove newly added provider if the rules could not be
downloaded.

When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.

To avoid that, the provider needs to be removed again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 12:26:35 +01:00
Stefan Schantl
8114440752 convert-ids-modification-files: New converter.
This converter is responsible to convert the old oinkmaster modification
files into the new files and format.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 12:12:55 +01:00
Stefan Schantl
432b8ed21e ids.cgi: Drop last fragments from old modify sids backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:54:19 +01:00
Stefan Schantl
849fc8ea15 ids-functions.pl: Drop oinkmaster related functions and declarations.
They are no longer needed and can safely be dropped.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:45:17 +01:00
Stefan Schantl
443ad51d1c ids.cgi: Allow to configure IDS/IPS mode individually for each provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:37:21 +01:00
Stefan Schantl
4c98be8bd2 ids.cgi: Use new provider modifications backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:37:02 +01:00
Stefan Schantl
9f353f8518 ids.cgi: Use new backend to store the ruleset modifications of a
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:36:44 +01:00
Stefan Schantl
2deba6bf4a ids-functions.pl: Use "enabled/disabled" to mark if a rule should be
altered.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:36:24 +01:00
Stefan Schantl
794469483f ids-functions.pl: Replace call of external oinkmaster.pl to newly
introduced process_ruleset function.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:35:48 +01:00
Stefan Schantl
5a6c7bbe85 ids-functions.pl: Add process_ruleset() function.
This function is going to replace the part which currently the
oinkmaster.pl script does.

It will read in the extracted ruleset, remove duplicates and alter the
rules to alert or drop in case they match. Also rules will be enabled or
disabled if the user requested this.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:34:30 +01:00
Stefan Schantl
518cbdd389 ids-functions.pl: Add get_provider_ruleset_modifications_file().
This function will obsolete the old oinkmaster modifications files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:34:11 +01:00
Stefan Schantl
e246285af4 ids-functions.pl: Add private function to obtain the sid and rev of a
rule.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:33:47 +01:00
Stefan Schantl
e0eb5bc737 ids-functions.pl: Add get_providers_mode() function.
This function is used to gather the modes of the configured providers
and return them as hash.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:33:28 +01:00
Stefan Schantl
ff780d8b3f update-ids-ruleset: Fix typo in return code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:27:01 +01:00
Stefan Schantl
74019d3044 update-ids-ruleset: Skip providers which are not enabled.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:23:44 +01:00