This is no longer required since we have a new CGI script
that takes care of all DNS settings and stores things in
another format.
Fixes: #12235
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Otherwise it may happen, that the created config files have wrong
permissions and the WUI will break.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Since DNSSEC relies on time to validate its signatures,
a common problem is that some systems (usually those without
a working RTC) are not being able to reach their time server.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When the system comes online, we must update entries
in the unbound cache to point to the "safe" IP addresses.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those checks have caused us a lot of trouble and are now being dropped.
Users must make sure to choose servers that support DNSSEC or enable
any of the tunneling mechanisms to be able to reach them.
Fixes: #12239
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The old configuration file in /etc/sysconfig/unbound is no
longer being used and all settings should be in
/var/ipfire/dns/settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It was incorrect to use forward zones here, because that
assumes that unbound is talking a recursive resolver here.
The feature is however designed to be talking to an authoritative
server.
Fixes: #12230
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Libraries were treated differently and therfore it could
happen that they were not stripped from any unnecessary
relocation information at all.
This patch changes that and strips everything from
libraries that we do not need.
The ISO was 3MB smaller.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit allows to configure suricata to monitor traffic from or to
OpenVPN tunnels. This includes the RW server and all established N2N
connections.
Because the RW server and/or each N2N connection uses it's own tun?
device, it is only possible to enable monitoring all of them or to disable
monitoring entirely.
Fixes#12111.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.
That resulted in no records being created and nothing being
filtered.
This will now set/reset safe search when the system connects
to the Internet.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
