git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit - html/cgi-bin/proxy.cgi
IDS: Dynamically generate and import the HTTP ports.
author Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 3 Apr 2020 14:25:01 +0000 (16:25 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 6 Apr 2020 14:04:00 +0000 (14:04 +0000)
commit e698090e7f696923ff146b272b587a3eeca34c6c
tree dfa294d9684d80c684a61d19fb091c22b640d37c
parent 6084e66e70bc5a8f598029b075eeda1fc842fa00
IDS: Dynamically generate and import the HTTP ports.

With this commit suricata reads the HTTP port declarations from a newly
introduced external file
(/var/ipfire/suricata/suricata-http-ports.yaml).

This file will be generated dynamically. HTTP ports always are the
default port "80" and "81" for Update Accelerator and HTTP access to the
WUI. In case the Web-proxy is used, the configured proxy port and/or Transparent
Proxy port also will be declared as an HTTP port and written to that file.

In case one of the proxy ports is changed, the HTTP port file will
be re-generated and suricata restarted if launched. Also, if an old
backup with snort is restored, the convert script handles the
generation of the HTTP ports file.

Finally the suricata-generate-http-ports-file is a tiny script which
simply generates the http ports file and needs to be launched during the
installation of a core update. (The script will not be required
anymore, so it could be deleted afterwards.)

Fixes #12308.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/cfgroot/ids-functions.pl
config/suricata/convert-snort
config/suricata/suricata-generate-http-ports-file [new file with mode: 0644]
config/suricata/suricata.yaml
html/cgi-bin/ids.cgi
html/cgi-bin/proxy.cgi
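
The port selection described in the commit message, as an added Perl sketch that is not the code from ids-functions.pl: it always declares 80 and 81, adds the proxy and transparent proxy ports when the proxy is enabled, validates them, and replaces the file atomically. The setting names (`enabled`, `port`, `transparent_port`), the `HTTP_PORTS: "[...]"` line format and the temp-directory output path are assumptions; the page does not show the real file contents.

```perl
#!/usr/bin/perl
# Added illustration; hypothetical helper names, not IPFire's own functions.
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Spec;
use File::Temp qw(tempfile);

# Ports the commit message says are always declared as HTTP ports.
my @DEFAULT_HTTP_PORTS = (80, 81);

# Return the sorted, de-duplicated list of HTTP ports for the given settings.
sub http_ports {
    my (%proxy) = @_;
    my %seen = map { $_ => 1 } @DEFAULT_HTTP_PORTS;
    if ($proxy{enabled}) {
        for my $key (qw(port transparent_port)) {
            my $port = $proxy{$key};
            next unless defined $port && length $port;
            # Accept only a plain TCP port number, so a malformed setting
            # cannot inject YAML or widen the variable (e.g. "any").
            die "invalid $key: $port\n"
                unless $port =~ /\A[0-9]{1,5}\z/ && $port >= 1 && $port <= 65535;
            $seen{ $port + 0 } = 1;
        }
    }
    return sort { $a <=> $b } keys %seen;
}

# Write the file via a temp file and rename, so a reader never sees a
# half-written port list.
sub write_ports_file {
    my ($path, @ports) = @_;
    my ($fh, $tmp) = tempfile(DIR => dirname($path), UNLINK => 0);
    print {$fh} "# Autogenerated file. Any custom changes will be overwritten!\n";
    printf {$fh} "HTTP_PORTS: \"[%s]\"\n", join(',', @ports);
    close($fh) or die "close $tmp: $!\n";
    chmod 0644, $tmp or die "chmod $tmp: $!\n";
    rename($tmp, $path) or die "rename $tmp -> $path: $!\n";
    return;
}

# Constructed sample settings; the real values come from the proxy configuration.
my %settings = (enabled => 1, port => 800, transparent_port => 3128);
my @ports = http_ports(%settings);
my $out = File::Spec->catfile(File::Spec->tmpdir, 'suricata-http-ports.yaml');
write_ports_file($out, @ports);
print "wrote $out with ports: @ports\n";
```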