The web UI is rather slow and one of the reasons for that is that we are
reading the same files over and over again...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since we no longer support other themes, the web UI should load quicker
if not importing too many other files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This patch ensures that if a restore is carried out from an earlier version that includes
ALIENVAULT and/or SPAMHAUS_EDROP that the references will be removed.
- This is the same code as was put into the update.sh file with the previous patch of this
set.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This removes any time entries in the modified file for either ALIENVAULT or
SPAMHAUS_EDROP.
- This also removes any blocklists for either of these sources from the /var/lib/ipblocklist
directory.
- This patch will ensure that any reference to either of these sources is removed from the
ipblocklist files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- ALIENVAULT has not been updated since at least Nov 2022 but probably earlier. There is no
date for the file to be downloaded but a forum user has log messages from Nov 2022 that
indicate the file had not changed as therefore no download occurred.
- AT&T aquired AlienVault in August 2018. Somewhere between 2018 and 2022 the list stopped
getting updated. AlienVault references on the AT&T website are now for a different
product.
- Discussed in IPFire conf call of April 2024 and agreed to remove the ALIENVAULT
blocklist.
- On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP list. The eDROP
list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list
gives an error message that the blocklist was found to be empty.
- This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists from the ipblocklist
sources file.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Jan-08
- The 1.x version of Icinga has been EOL since 2018
- The 2.x version would require a complete new configuration approach as the settings
and options are completely different to 1.x and so would be a start from scratch.
- removal of icinga from make.sh file
- removal of lfs file
- removal of rootfile
- removal of configuration file
- removal of backup includes file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- sslh is listed in the initscripts lfs and rootfiles.
- Removal of these references with the bremoval of sslh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Apr-08
- sslh has not been functioning since last update ion Sep 2021. Configuration syntax
was radically changed somewhere in the update from 1.7a(2013) to 1.22c in Sep 2021
- removal of sslh from make file
- removal of lfs file
- removal of rootfile
- removal of paks files
- removal of initscript
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.49/doc/arm/html/notes.html#notes-for-bind-9-16-49
"Bug Fixes
A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed. [GL #4596]
Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed. [GL #4621]
The logic for cleaning up expired cached DNS records was tweaked to be
more aggressive. This change helps with enforcing max-cache-ttl and
max-ncache-ttl in a timely manner. [GL #4591]
It was possible to trigger a use-after-free assertion when the overmem
cache cleaning was initiated. This has been fixed. [GL #4595]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this feature should not used by IPFire and there
is a possible unfixed race condition that can
used for a privilege elevation attack.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We require this because Suricata might be restarted due to development
or rule refreshment purposes. We should then try to resume any
decoders/app-layers wherever possible.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Set this value to the same as the exception-policy to keep in sync and
hopefully have the same behaviour. In case this option is not set an
ugly message about a not correctly set value will be logged to syslog
during startup.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will limit the suricata process to only read and write to a certain
files/directories.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This simply will skip processing a packet that caused an exception and will
allow Suricata to process all following packets of a flow.
Reference: #13638
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Updata the configuration file for suricata 7.
This includes:
* Default values for newly introduced features and parsers
* Enable recently added protocol parsers for HTTP2, QUIC, Telnet and Torrent
* Update of URL for documentation
* Fixes of various typos and other clarifications
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
