Stefan Schantl
ec418b7a08
ids-functions.pl: Drop accidentally committed debug output.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:46:05 +01:00
Stefan Schantl
c1ccae1ce3
ids-functions.pl: Set bypass flag for whitelisted hosts.
When adding a host to the whitelist, set the bypass flag to
immediately take the load from the IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:41:43 +01:00
Stefan Schantl
43d12991d1
ids-functions.pl: Dynamically generate file of default suricata rules.
The "/var/ipfire/suricata/suricata-default-rules.yaml" file will now
be generated dynamically, based on the enabled application layer
protocols.
Only existing rulefiles for enabled app layer protocols will be loaded.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:37:16 +01:00
Stefan Schantl
bb39fac437
ids-functions.pl: Add get_suricata_enable_app_layer_protos().
This function calls suricata to obtain a list of enabled application
layer protocols (application/protocol parsers).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:32:52 +01:00
Stefan Schantl
9e9d89ae37
suricata: Fix ownership of the classification.config file.
The file has to be writable for the nobody user.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:32:43 +01:00
Stefan Schantl
7ccea46172
ids-functions.pl: Remove config files when cleaning up the rules directory.
If there are any, they can safely be removed because the *.config files
now live in a different folder.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:32:21 +01:00
Stefan Schantl
6983a96eff
ids-functions.pl: Adjust classification file for new path.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:31:53 +01:00
Michael Tremer
5a3e97b8d3
suricata: Load *.config files from default location
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-12-19 13:31:13 +01:00
Stefan Schantl
c68bcbb298
ids-functions.pl: Do not call stat if no file has been given.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:25:46 +01:00
Stefan Schantl
577e330495
ids-functions.pl: Check if the generated stored rulesfile of a provider exists before returning the filename.
This prevents using and processing non-existing files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:25:26 +01:00
Stefan Schantl
27671216d5
update-ids-ruleset: Early exit script if lockfile exists.
This prevents running the script while the WUI is performing
operations at the same time, or launching multiple instances of the
script.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
0f1d0b9c3c
ids.cgi: Use experimental smartmatch.
This will prevent spamming the http error log with warnings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
4d438241c3
ids.cgi: Do not expect a space after the msg tag has been closed while processing rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
057e895351
ids-functions.pl: Properly return N/A if no ruleset date could be determined.
If no timestamp could be grabbed for the rules tarball of a given provider,
return N/A.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
14696ced7e
ids.cgi: Always write used providers rulefiles file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
258924ee79
ids.cgi: Add the provider handle if the forced update of a provider fails.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
fc685a36c5
ids-functions.pl: Return N/A if no date for a ruleset could be determined.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
969983eba4
ids.cgi: Add some more sanity checks when adding a new provider.
* Check if the system is online.
* Check if enough free disk space is available.
* Abort with an error message if the ruleset could not be
downloaded.
In the error case the provider will now be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
214f34ec4e
ids.cgi: Use newly introduced functions when removing a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
63cf95af3f
ids.cgi: Introduce remove_provider().
This function is used to remove a configured provider by its ID.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
697787c930
ids.cgi: Introduce get_provider_handle().
This function is used to get the configured provider handle by a given ID.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
1e52a25825
ids.cgi: Regenerate ruleset if a provider gets re-enabled.
Otherwise it could happen that there are no rules files for this
specific provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
724f98c086
ids.cgi: Fix check when changing the IDS to monitor mode or drop mode.
The test condition was wrong here and therefore oinkmaster has never
been executed when this setting was changed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
7131a7bd94
ids.cgi: Allow whitespace when parsing the rules files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
302420ad4a
convert-ids-multiple-providers: Fix setting ownership for the main oinkmaster provider includes file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
a081f20390
ids-functions.pl: Fix writing for used provider rulefiles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
a2964e14f8
convert-ids-multiple-providers: Properly open the oinkmaster providers sids file for writing.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
c0727f8b45
convert-ids-multiple-providers: Fix typo which tried to load the wrong lib.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
cd13dbc544
convert-ids-multiple-providers: Remove old used rulefiles file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
f901c7401c
convert-ids-multiple-providers: Always remove old enabled / disabled sids files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
17b9a1581c
convert-ids-multiple-providers: Restart suricata afterwards.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
4aa1382e22
backup.pl: Launch convert-ids-multiple-providers if necessary.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
77b373d620
IDS: Add convert-ids-multiple-provider script.
This converter does all the magic to convert any suricata
based IPFire version to work with the new multiple providers
IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
ded4348d0d
ids.cgi: Do not expect a space before the sid when parsing rulefiles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
58d368d11c
convert-snort: Adjust converter to work with new IDS.
Only in case somebody tries to import such an old backup.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
5b43f9db15
ids-functions.pl: Remove variables marked as deprecated.
They are not needed anymore.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
1aa3dbf56d
ruleset-sources: Update download URL for Talos rulesets.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
6cbed0c213
ruleset-sources: Add additional providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
4015d3f499
ids.cgi: Sort elements in providers dropdown menu.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
1b0e555fd3
ids-functions.pl: Only write existing provider specific used rulesfiles files into main include yaml file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
69b3156f74
IDS: Move read_enabled_disabled_sids_file() function to ids-functions.pl.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
b35e27a28a
backup: Adjust includes file to include new IDS files into backups.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
52071c0e9e
Revert "ids-functions.pl: Remove config files on rulesdir cleanup."
Not all config files are shipped by the rulesets. For example, the
"threshold.conf" and the "referneces.conf" are not included in each
ruleset.
Therefore it is not a common way to delete all config files. It is
much safer to simply keep them and overwrite existing ones with the
generated ones.
This reverts commit a71c3c9dcc60541aa4504d0f1fb0a78c0d58ed5e.
2021-12-19 13:23:43 +01:00
Stefan Schantl
1b5aec1b7d
ids-functions.pl: Move code to handle plain rules files to extractruleset() function.
Now everything which is extracting or moving stored ruleset files is
easily accessible via one function which takes care of it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
01fc880cf3
ids-functions.pl: Only read providers used rulefiles file if it exists.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
35bc92a307
ids-functions.pl: Fix accidentally committed debug file path.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
6875f9ce7c
update-ids-ruleset: Port script to work with multiple providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
71766c081c
langs-de.pl: Fix grammar.
Even as a native speaker, it seems German sometimes is a very difficult language...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
515a694d1c
ids.cgi: Add code to handle the reset of a provider to its defaults.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
f3d421a3b1
ids.cgi: Make backend code for forced ruleset update working again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00