# Convert old OpenVPN CCD files (CN change, Core Update 75)
convert-ovpn
+ # Snort to suricata converter.
+ if [ -d "/var/ipfire/snort" ]; then
+ # Run converter
+ convert-snort
+
+ # Remove old configuration directory.
+ rm -rf "/var/ipfire/snort"
+ fi
+
return 0
}
/var/ipfire/proxy
/var/ipfire/qos/*
/var/ipfire/qos/bin/qos.sh
+/var/ipfire/suricata/*.conf
+/var/ipfire/suricata/*.yaml
/var/ipfire/*/settings
/var/ipfire/time/
/var/ipfire/urlfilter
/var/ipfire/vpn
+/var/lib/suricata
/var/log/ip-acct/*
/var/log/rrd/*
/var/log/rrd/collectd
--- /dev/null
+/etc/dnsdist.conf
while (<FILE>)
{
chop;
+
+ # Skip comments.
+ next if ($_ =~ /^#/);
+
($var, $val) = split /=/, $_, 2;
if ($var)
{
# Function to get all available GeoIP locations.
sub get_geoip_locations() {
- my @locations;
+ my @locations = ();
# Open the location database.
- open(LOCATION, "$geoip_database_dir/$location_database") or die "Could not open $geoip_database_dir/$location_database. $!\n";
+ open(LOCATION, "$geoip_database_dir/$location_database") or return @locations;
# Loop through the file.
while(my $line = <LOCATION>) {
--- /dev/null
+#!/usr/bin/perl -w
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org>. #
+# #
+############################################################################
+
+package IDS;
+
+require '/var/ipfire/general-functions.pl';
+
+# Location where all config and settings files are stored.
+our $settingsdir = "${General::swroot}/suricata";
+
+# File where the used rulefiles are stored.
+our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
+
+# File where the addresses of the homenet are stored.
+our $homenet_file = "$settingsdir/suricata-homenet.yaml";
+
+# File which contains the enabled sids.
+our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf";
+
+# File which contains the disabled sids.
+our $disabled_sids_file = "$settingsdir/oinkmaster-disabled-sids.conf";
+
+# File which contains wheater the rules should be changed.
+our $modify_sids_file = "$settingsdir/oinkmaster-modify-sids.conf";
+
+# File which stores the configured IPS settings.
+our $ids_settings_file = "$settingsdir/settings";
+
+# File which stores the configured rules-settings.
+our $rules_settings_file = "$settingsdir/rules-settings";
+
+# File which stores the configured settings for whitelisted addresses.
+our $ignored_file = "$settingsdir/ignored";
+
+# Location and name of the tarball which contains the ruleset.
+our $rulestarball = "/var/tmp/idsrules.tar.gz";
+
+# File to store any errors, which also will be read and displayed by the wui.
+our $storederrorfile = "/tmp/ids_storederror";
+
+# File to lock the WUI, while the autoupdate script runs.
+our $ids_page_lock_file = "/tmp/ids_page_locked";
+
+# Location where the rulefiles are stored.
+our $rulespath = "/var/lib/suricata";
+
+# File which contains the rules to whitelist addresses on suricata.
+our $whitelist_file = "$rulespath/whitelist.rules";
+
+# File which contains a list of all supported ruleset sources.
+# (Sourcefire, Emergingthreads, etc..)
+our $rulesetsourcesfile = "$settingsdir/ruleset-sources";
+
+# The pidfile of the IDS.
+our $idspidfile = "/var/run/suricata.pid";
+
+# Location of suricatactrl.
+my $suricatactrl = "/usr/local/bin/suricatactrl";
+
+# Array with allowed commands of suricatactrl.
+my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
+
+# Array with supported cron intervals.
+my @cron_intervals = ('off', 'daily', 'weekly' );
+
+#
+## Function to check and create all IDS related files, if the does not exist.
+#
+sub check_and_create_filelayout() {
+ # Check if the files exist and if not, create them.
+ unless (-f "$enabled_sids_file") { &create_empty_file($enabled_sids_file); }
+ unless (-f "$disabled_sids_file") { &create_empty_file($disabled_sids_file); }
+ unless (-f "$modify_sids_file") { &create_empty_file($modify_sids_file); }
+ unless (-f "$used_rulefiles_file") { &create_empty_file($used_rulefiles_file); }
+ unless (-f "$ids_settings_file") { &create_empty_file($ids_settings_file); }
+ unless (-f "$rules_settings_file") { &create_empty_file($rules_settings_file); }
+ unless (-f "$ignored_file") { &create_empty_file($ignored_file); }
+ unless (-f "$whitelist_file" ) { &create_empty_file($whitelist_file); }
+}
+
+#
+## Function for checking if at least 300MB of free disk space are available
+## on the "/var" partition.
+#
+sub checkdiskspace () {
+ # Call diskfree to gather the free disk space of /var.
+ my @df = `/bin/df -B M /var`;
+
+ # Loop through the output.
+ foreach my $line (@df) {
+ # Ignore header line.
+ next if $line =~ m/^Filesystem/;
+
+ # Search for a line with the device information.
+ if ($line =~ m/dev/ ) {
+ # Split the line into single pieces.
+ my @values = split(' ', $line);
+ my ($filesystem, $blocks, $used, $available, $used_perenctage, $mounted_on) = @values;
+
+ # Check if the available disk space is more than 300MB.
+ if ($available < 300) {
+ # Log error to syslog.
+ &_log_to_syslog("Not enough free disk space on /var. Only $available MB from 300 MB available.");
+
+ # Exit function and return "1" - False.
+ return 1;
+ }
+ }
+ }
+
+ # Everything okay, return nothing.
+ return;
+}
+
+#
+## This function is responsible for downloading the configured IDS ruleset.
+##
+## * At first it obtains from the stored rules settings which ruleset should be downloaded.
+## * The next step is to get the download locations for all available rulesets.
+## * After that, the function will check if an upstream proxy should be used and grab the settings.
+## * The last step will be to generate the final download url, by obtaining the URL for the desired
+## ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
+#
+sub downloadruleset {
+ # Get rules settings.
+ my %rulessettings=();
+ &General::readhash("$rules_settings_file", \%rulessettings);
+
+ # Check if a ruleset has been configured.
+ unless($rulessettings{'RULES'}) {
+ # Log that no ruleset has been configured and abort.
+ &_log_to_syslog("No ruleset source has been configured.");
+
+ # Return "1".
+ return 1;
+ }
+
+ # Get all available ruleset locations.
+ my %rulesetsources=();
+ &General::readhash($rulesetsourcesfile, \%rulesetsources);
+
+ # Read proxysettings.
+ my %proxysettings=();
+ &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+
+ # Load required perl module to handle the download.
+ use LWP::UserAgent;
+
+ # Init the download module.
+ my $downloader = LWP::UserAgent->new;
+
+ # Set timeout to 10 seconds.
+ $downloader->timeout(10);
+
+ # Check if an upstream proxy is configured.
+ if ($proxysettings{'UPSTREAM_PROXY'}) {
+ my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ my $proxy_url;
+
+ # Check if we got a peer.
+ if ($peer) {
+ $proxy_url = "http://";
+
+ # Check if the proxy requires authentication.
+ if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
+ $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
+ }
+
+ # Add proxy server address and port.
+ $proxy_url .= "$peer\:$peerport";
+ } else {
+ # Log error message and break.
+ &_log_to_syslog("Could not proper configure the proxy server access.");
+
+ # Return "1" - false.
+ return 1;
+ }
+
+ # Setup proxy settings.
+ $downloader->proxy(['http', 'https'], $proxy_url);
+ }
+
+ # Grab the right url based on the configured vendor.
+ my $url = $rulesetsources{$rulessettings{'RULES'}};
+
+ # Check if the vendor requires an oinkcode and add it if needed.
+ $url =~ s/\<oinkcode\>/$rulessettings{'OINKCODE'}/g;
+
+ # Abort if no url could be determined for the vendor.
+ unless ($url) {
+ # Log error and abort.
+ &_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
+ return 1;
+ }
+
+ # Variable to store the filesize of the remote object.
+ my $remote_filesize;
+
+ # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
+ # for this webserver.
+ #
+ # Check if the ruleset source contains "snort.org".
+ unless ($url =~ /\.snort\.org/) {
+ # Pass the requrested url to the downloader.
+ my $request = HTTP::Request->new(HEAD => $url);
+
+ # Accept the html header.
+ $request->header('Accept' => 'text/html');
+
+ # Perform the request and fetch the html header.
+ my $response = $downloader->request($request);
+
+ # Check if there was any error.
+ unless ($response->is_success) {
+ # Obtain error.
+ my $error = $response->status_line();
+
+ # Log error message.
+ &_log_to_syslog("Unable to download the ruleset. \($error\)");
+
+ # Return "1" - false.
+ return 1;
+ }
+
+ # Assign the fetched header object.
+ my $header = $response->headers();
+
+ # Grab the remote file size from the object and store it in the
+ # variable.
+ $remote_filesize = $header->content_length;
+ }
+
+ # Load perl module to deal with temporary files.
+ use File::Temp;
+
+ # Generate temporay file name, located in "/var/tmp" and with a suffix of ".tar.gz".
+ my $tmp = File::Temp->new( SUFFIX => ".tar.gz", DIR => "/var/tmp/", UNLINK => 0 );
+ my $tmpfile = $tmp->filename();
+
+ # Pass the requested url to the downloader.
+ my $request = HTTP::Request->new(GET => $url);
+
+ # Perform the request and save the output into the tmpfile.
+ my $response = $downloader->request($request, $tmpfile);
+
+ # Check if there was any error.
+ unless ($response->is_success) {
+ # Obtain error.
+ my $error = $response->content;
+
+ # Log error message.
+ &_log_to_syslog("Unable to download the ruleset. \($error\)");
+
+ # Return "1" - false.
+ return 1;
+ }
+
+ # Load perl stat module.
+ use File::stat;
+
+ # Perform stat on the tmpfile.
+ my $stat = stat($tmpfile);
+
+ # Grab the local filesize of the downloaded tarball.
+ my $local_filesize = $stat->size;
+
+ # Check if both file sizes match.
+ if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
+ # Log error message.
+ &_log_to_syslog("Unable to completely download the ruleset. ");
+ &_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
+
+ # Delete temporary file.
+ unlink("$tmpfile");
+
+ # Return "1" - false.
+ return 1;
+ }
+
+ # Load file copy module, which contains the move() function.
+ use File::Copy;
+
+ # Overwrite existing rules tarball with the new downloaded one.
+ move("$tmpfile", "$rulestarball");
+
+ # If we got here, everything worked fine. Return nothing.
+ return;
+}
+
+#
+## A tiny wrapper function to call the oinkmaster script.
+#
+sub oinkmaster () {
+ # Check if the files in rulesdir have the correct permissions.
+ &_check_rulesdir_permissions();
+
+ # Cleanup the rules directory before filling it with the new rulest.
+ &_cleanup_rulesdir();
+
+ # Load perl module to talk to the kernel syslog.
+ use Sys::Syslog qw(:DEFAULT setlogsock);
+
+ # Establish the connection to the syslog service.
+ openlog('oinkmaster', 'cons,pid', 'user');
+
+ # Call oinkmaster to generate ruleset.
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|") or die "Could not execute oinkmaster $!\n";
+
+ # Log output of oinkmaster to syslog.
+ while(<OINKMASTER>) {
+ # The syslog function works best with an array based input,
+ # so generate one before passing the message details to syslog.
+ my @syslog = ("INFO", "$_");
+
+ # Send the log message.
+ syslog(@syslog);
+ }
+
+ # Close the pipe to oinkmaster process.
+ close(OINKMASTER);
+
+ # Close the log handle.
+ closelog();
+}
+
+#
+## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
+#
+sub log_error ($) {
+ my ($error) = @_;
+
+ # Remove any newline.
+ chomp($error);
+
+ # Call private function to log the error message to syslog.
+ &_log_to_syslog($error);
+
+ # Call private function to write/store the error message in the storederrorfile.
+ &_store_error_message($error);
+}
+
+#
+## Function to log a given error message to the kernel syslog.
+#
+sub _log_to_syslog ($) {
+ my ($message) = @_;
+
+ # Load perl module to talk to the kernel syslog.
+ use Sys::Syslog qw(:DEFAULT setlogsock);
+
+ # The syslog function works best with an array based input,
+ # so generate one before passing the message details to syslog.
+ my @syslog = ("ERR", "<ERROR> $message");
+
+ # Establish the connection to the syslog service.
+ openlog('oinkmaster', 'cons,pid', 'user');
+
+ # Send the log message.
+ syslog(@syslog);
+
+ # Close the log handle.
+ closelog();
+}
+
+#
+## Private function to write a given error message to the storederror file.
+#
+sub _store_error_message ($) {
+ my ($message) = @_;
+
+ # Remove any newline.
+ chomp($message);
+
+ # Open file for writing.
+ open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n";
+
+ # Write error to file.
+ print ERRORFILE "$message\n";
+
+ # Close file.
+ close (ERRORFILE);
+
+ # Set correct ownership for the file.
+ &set_ownership("$storederrorfile");
+}
+
+#
+## Function to get a list of all available network zones.
+#
+sub get_available_network_zones () {
+ # Get netsettings.
+ my %netsettings = ();
+ &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+ # Obtain the configuration type from the netsettings hash.
+ my $config_type = $netsettings{'CONFIG_TYPE'};
+
+ # Hash which contains the conversation from the config mode
+ # to the existing network interface names. They are stored like
+ # an array.
+ #
+ # Mode "0" red is a modem and green
+ # Mode "1" red is a netdev and green
+ # Mode "2" red, green and orange
+ # Mode "3" red, green and blue
+ # Mode "4" red, green, blue, orange
+ my %config_type_to_interfaces = (
+ "0" => [ "red", "green" ],
+ "1" => [ "red", "green" ],
+ "2" => [ "red", "green", "orange" ],
+ "3" => [ "red", "green", "blue" ],
+ "4" => [ "red", "green", "blue", "orange" ]
+ );
+
+ # Obtain and dereference the corresponding network interaces based on the read
+ # network config type.
+ my @network_zones = @{ $config_type_to_interfaces{$config_type} };
+
+ # Return them.
+ return @network_zones;
+}
+
+#
+## Function to check if the IDS is running.
+#
+sub ids_is_running () {
+ if(-f $idspidfile) {
+ # Open PID file for reading.
+ open(PIDFILE, "$idspidfile") or die "Could not open $idspidfile. $!\n";
+
+ # Grab the process-id.
+ my $pid = <PIDFILE>;
+
+ # Close filehandle.
+ close(PIDFILE);
+
+ # Remove any newline.
+ chomp($pid);
+
+ # Check if a directory for the process-id exists in proc.
+ if(-d "/proc/$pid") {
+ # The IDS daemon is running return the process id.
+ return $pid;
+ }
+ }
+
+ # Return nothing - IDS is not running.
+ return;
+}
+
+#
+## Function to call suricatactrl binary with a given command.
+#
+sub call_suricatactrl ($) {
+ # Get called option.
+ my ($option, $interval) = @_;
+
+ # Loop through the array of supported commands and check if
+ # the given one is part of it.
+ foreach my $cmd (@suricatactrl_cmds) {
+ # Skip current command unless the given one has been found.
+ next unless($cmd eq $option);
+
+ # Check if the given command is "cron".
+ if ($option eq "cron") {
+ # Check if an interval has been given.
+ if ($interval) {
+ # Check if the given interval is valid.
+ foreach my $element (@cron_intervals) {
+ # Skip current element until the given one has been found.
+ next unless($element eq $interval);
+
+ # Call the suricatactrl binary and pass the "cron" command
+ # with the requrested interval.
+ system("$suricatactrl $option $interval &>/dev/null");
+
+ # Return "1" - True.
+ return 1;
+ }
+ }
+
+ # If we got here, the given interval is not supported or none has been given. - Return nothing.
+ return;
+ } else {
+ # Call the suricatactrl binary and pass the requrested
+ # option to it.
+ system("$suricatactrl $option &>/dev/null");
+
+ # Return "1" - True.
+ return 1;
+ }
+ }
+
+ # Command not found - return nothing.
+ return;
+}
+
+#
+## Function to create a new empty file.
+#
+sub create_empty_file($) {
+ my ($file) = @_;
+
+ # Check if the given file exists.
+ if(-e $file) {
+ # Do nothing to prevent from overwriting existing files.
+ return;
+ }
+
+ # Open the file for writing.
+ open(FILE, ">$file") or die "Could not write to $file. $!\n";
+
+ # Close file handle.
+ close(FILE);
+
+ # Return true.
+ return 1;
+}
+
+#
+## Private function to check if the file permission of the rulespath are correct.
+## If not, call suricatactrl to fix them.
+#
+sub _check_rulesdir_permissions() {
+ # Check if the rulepath main directory is writable.
+ unless (-W $rulespath) {
+ # If not call suricatctrl to fix it.
+ &call_suricatactrl("fix-rules-dir");
+ }
+
+ # Open snort rules directory and do a directory listing.
+ opendir(DIR, $rulespath) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+ # We only want files.
+ next unless (-f "$rulespath/$file");
+
+ # Check if the file is writable by the user.
+ if (-W "$rulespath/$file") {
+ # Everything is okay - go on to the next file.
+ next;
+ } else {
+ # There are wrong permissions, call suricatactrl to fix it.
+ &call_suricatactrl("fix-rules-dir");
+ }
+ }
+}
+
+#
+## Private function to cleanup the directory which contains
+## the IDS rules, before extracting and modifing the new ruleset.
+#
+sub _cleanup_rulesdir() {
+ # Open rules directory and do a directory listing.
+ opendir(DIR, $rulespath) or die $!;
+
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+ # We only want files.
+ next unless (-f "$rulespath/$file");
+
+ # Skip element if it has config as file extension.
+ next if ($file =~ m/\.config$/);
+
+ # Delete the current processed file, if not, exit this function
+ # and return an error message.
+ unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
+ }
+
+ # Return nothing;
+ return;
+}
+
+#
+## Function to generate the file which contains the home net information.
+#
+sub generate_home_net_file() {
+ my %netsettings;
+
+ # Read-in network settings.
+ &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+ # Get available network zones.
+ my @network_zones = &get_available_network_zones();
+
+ # Temporary array to store network address and prefix of the configured
+ # networks.
+ my @networks;
+
+ # Loop through the array of available network zones.
+ foreach my $zone (@network_zones) {
+ # Check if the current processed zone is red.
+ if($zone eq "red") {
+ # Grab the IP-address of the red interface.
+ my $red_address = &get_red_address();
+
+ # Check if an address has been obtained.
+ if ($red_address) {
+ # Generate full network string.
+ my $red_network = join("/", $red_address, "32");
+
+ # Add the red network to the array of networks.
+ push(@networks, $red_network);
+ }
+
+ # Check if the configured RED_TYPE is static.
+ if ($netsettings{'RED_TYPE'} eq "STATIC") {
+ # Get configured and enabled aliases.
+ my @aliases = &get_aliases();
+
+ # Loop through the array.
+ foreach my $alias (@aliases) {
+ # Add "/32" prefix.
+ my $network = join("/", $alias, "32");
+
+ # Add the generated network to the array of networks.
+ push(@networks, $network);
+ }
+ }
+ # Process remaining network zones.
+ } else {
+ # Convert current zone name into upper case.
+ $zone = uc($zone);
+
+ # Generate key to access the required data from the netsettings hash.
+ my $zone_netaddress = $zone . "_NETADDRESS";
+ my $zone_netmask = $zone . "_NETMASK";
+
+ # Obtain the settings from the netsettings hash.
+ my $netaddress = $netsettings{$zone_netaddress};
+ my $netmask = $netsettings{$zone_netmask};
+
+ # Convert the subnetmask into prefix notation.
+ my $prefix = &Network::convert_netmask2prefix($netmask);
+
+ # Generate full network string.
+ my $network = join("/", $netaddress,$prefix);
+
+ # Check if the network is valid.
+ if(&Network::check_subnet($network)) {
+ # Add the generated network to the array of networks.
+ push(@networks, $network);
+ }
+ }
+ }
+
+ # Format home net declaration.
+ my $line = "\"\[";
+
+ # Loop through the array of networks.
+ foreach my $network (@networks) {
+ # Add the network to the line.
+ $line = "$line" . "$network";
+
+ # Check if the current network was the last in the array.
+ if ($network eq $networks[-1]) {
+ # Close the line.
+ $line = "$line" . "\]\"";
+ } else {
+ # Add "," for the next network.
+ $line = "$line" . "\,";
+ }
+ }
+
+ # Open file to store the addresses of the home net.
+ open(FILE, ">$homenet_file") or die "Could not open $homenet_file. $!\n";
+
+ # Print yaml header.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Print notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Print the generated and required HOME_NET declaration to the file.
+ print FILE "HOME_NET:\t$line\n";
+
+ # Close file handle.
+ close(FILE);
+}
+
+#
+## Function to generate and write the file for used rulefiles.
+#
+sub write_used_rulefiles_file(@) {
+ my @files = @_;
+
+ # Open file for used rulefiles.
+ open (FILE, ">$used_rulefiles_file") or die "Could not write to $used_rulefiles_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write header to file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Allways use the whitelist.
+ print FILE " - whitelist.rules\n";
+
+ # Loop through the array of given files.
+ foreach my $file (@files) {
+ # Check if the given filename exists and write it to the file of used rulefiles.
+ if(-f "$rulespath/$file") {
+ print FILE " - $file\n";
+ }
+ }
+
+ # Close file after writing.
+ close(FILE);
+}
+
+#
+## Function to generate and write the file for modify the ruleset.
+#
+sub write_modify_sids_file($) {
+ my ($ruleaction) = @_;
+
+ # Open modify sid's file for writing.
+ open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
+
+ # Write file header.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Tune rules to monitor in both directions.
+ print FILE "modifysid \* \"\-\>\" \| \"\<\>\"\n";
+
+ # Check if the traffic only should be monitored.
+ unless($ruleaction eq "alert") {
+ # Tell oinkmaster to switch all rules from alert to drop.
+ print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
+#
+## Function to gather the version of suricata.
+#
+sub get_suricata_version($) {
+ my ($format) = @_;
+
+ # Execute piped suricata command and return the version information.
+ open(SURICATA, "suricata -V |") or die "Couldn't execute program: $!";
+
+ # Grab and store the output of the piped program.
+ my $version_string = <SURICATA>;
+
+ # Close pipe.
+ close(SURICATA);
+
+ # Remove newlines.
+ chomp($version_string);
+
+ # Grab the version from the version string.
+ $version_string =~ /([0-9]+([.][0-9]+)+)/;
+
+ # Splitt the version into single chunks.
+ my ($major_ver, $minor_ver, $patchlevel) = split(/\./, $1);
+
+ # Check and return the requested version sheme.
+ if ($format eq "major") {
+ # Return the full version.
+ return "$major_ver";
+ } elsif ($format eq "minor") {
+ # Return the major and minor part.
+ return "$major_ver.$minor_ver";
+ } else {
+ # Return the full version string.
+ return "$major_ver.$minor_ver.$patchlevel";
+ }
+}
+
+#
+## Function to generate the rules file with whitelisted addresses.
+#
+sub generate_ignore_file() {
+ my %ignored = ();
+
+ # SID range 1000000-1999999 Reserved for Local Use
+ # Put your custom rules in this range to avoid conflicts
+ my $sid = 1500000;
+
+ # Read-in ignoredfile.
+ &General::readhasharray($IDS::ignored_file, \%ignored);
+
+ # Open ignorefile for writing.
+ open(FILE, ">$IDS::whitelist_file") or die "Could not write to $IDS::whitelist_file. $!\n";
+
+ # Config file header.
+ print FILE "# Autogenerated file.\n";
+ print FILE "# All user modifications will be overwritten.\n\n";
+
+ # Add all user defined addresses to the whitelist.
+ #
+ # Check if the hash contains any elements.
+ if (keys (%ignored)) {
+ # Loop through the entire hash and write the host/network
+ # and remark to the ignore file.
+ while ( (my $key) = each %ignored) {
+ my $address = $ignored{$key}[0];
+ my $remark = $ignored{$key}[1];
+ my $status = $ignored{$key}[2];
+
+ # Check if the status of the entry is "enabled".
+ if ($status eq "enabled") {
+ # Check if the address/network is valid.
+ if ((&General::validip($address)) || (&General::validipandmask($address))) {
+ # Write rule line to the file to pass any traffic from this IP
+ print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; sid:$sid\;)\n";
+
+ # Increment sid.
+ $sid++;
+ }
+ }
+ }
+ }
+
+ close(FILE);
+}
+
+#
+## Function to set correct ownership for single files and directories.
+#
+
+sub set_ownership($) {
+ my ($target) = @_;
+
+ # User and group of the WUI.
+ my $uname = "nobody";
+ my $grname = "nobody";
+
+ # The chown function implemented in perl requies the user and group as nummeric id's.
+ my $uid = getpwnam($uname);
+ my $gid = getgrnam($grname);
+
+ # Check if the given target exists.
+ unless ($target) {
+ # Stop the script and print error message.
+ die "The $target does not exist. Cannot change the ownership!\n";
+ }
+
+ # Check weather the target is a file or directory.
+ if (-f $target) {
+ # Change ownership ot the single file.
+ chown($uid, $gid, "$target");
+ } elsif (-d $target) {
+ # Do a directory listing.
+ opendir(DIR, $target) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+
+ # We only want files.
+ next unless (-f "$target/$file");
+
+ # Set correct ownership for the files.
+ chown($uid, $gid, "$target/$file");
+ }
+
+ closedir(DIR);
+
+ # Change ownership of the directory.
+ chown($uid, $gid, "$target");
+ }
+}
+
+#
+## Function to read-in the aliases file and returns all configured and enabled aliases.
+#
+sub get_aliases() {
+ # Location of the aliases file.
+ my $aliases_file = "${General::swroot}/ethernet/aliases";
+
+ # Array to store the aliases.
+ my @aliases;
+
+ # Check if the file is empty.
+ if (-z $aliases_file) {
+ # Abort nothing to do.
+ return;
+ }
+
+ # Open the aliases file.
+ open(ALIASES, $aliases_file) or die "Could not open $aliases_file. $!\n";
+
+ # Loop through the file content.
+ while (my $line = <ALIASES>) {
+ # Remove newlines.
+ chomp($line);
+
+ # Splitt line content into single chunks.
+ my ($address, $state, $remark) = split(/\,/, $line);
+
+ # Check if the state of the current processed alias is "on".
+ if ($state eq "on") {
+ # Check if the address is valid.
+ if(&Network::check_ip_address($address)) {
+ # Add the alias to the array of aliases.
+ push(@aliases, $address);
+ }
+ }
+ }
+
+ # Close file handle.
+ close(ALIASES);
+
+ # Return the array.
+ return @aliases;
+}
+
+#
+## Function to grab the current assigned IP-address on red.
+#
+sub get_red_address() {
+ # File, which contains the current IP-address of the red interface.
+ my $file = "${General::swroot}/red/local-ipaddress";
+
+ # Check if the file exists.
+ if (-e $file) {
+ # Open the given file.
+ open(FILE, "$file") or die "Could not open $file.";
+
+ # Obtain the address from the first line of the file.
+ my $address = <FILE>;
+
+ # Close filehandle
+ close(FILE);
+
+ # Remove newlines.
+ chomp $address;
+
+ # Check if the grabbed address is valid.
+ if (&General::validip($address)) {
+ # Return the address.
+ return $address;
+ }
+ }
+
+ # Return nothing.
+ return;
+}
+
+#
+## Function to write the lock file for locking the WUI, while
+## the autoupdate script runs.
+#
+sub lock_ids_page() {
+ # Call subfunction to create the file.
+ &create_empty_file($ids_page_lock_file);
+}
+
+#
+## Function to release the lock of the WUI, again.
+#
+sub unlock_ids_page() {
+ # Delete lock file.
+ unlink($ids_page_lock_file);
+}
+
+1;
Process "squid"
Process "squidguard"
Process "charon"
- Process "snort"
Process "openvpn"
Process "qemu"
Process "rtorrent"
wbpriv:x:88:squid
nobody:x:99:
users:x:100:
-snort:x:101:
+suricata:x:101:
logwatch:x:102:
cron:x:104:
syslogd:x:105:
endscript
}
-/var/log/snort/alert {
+/var/log/suricata/*.log {
weekly
copytruncate
compress
ifempty
missingok
postrotate
- /bin/find /var/log/snort -path '/var/log/snort/[0-9]*' -prune -exec /bin/rm -rf {} \;
- /bin/find /var/log/snort -name 'snort.log.*' -mtime +28 -exec /bin/rm -rf {} \;
- /etc/init.d/snort restart
+ /bin/find /var/log/suricata -path '/var/log/suricata/[0-9]*' -prune -exec /bin/rm -rf {} \;
+ /bin/find /var/log/suricata -name 'fast.log.*' -mtime +28 -exec /bin/rm -rf {} \;
+ /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null || true
endscript
}
sshd:x:74:74:sshd:/var/empty:/bin/false
nobody:x:99:99:Nobody:/home/nobody:/bin/false
postfix:x:100:100::/var/spool/postfix:/bin/false
-snort:x:101:101:ftp:/var/log/snort:/bin/false
+suricata:x:101:101:Suricata:/var/log/suricata:/bin/false
logwatch:x:102:102::/var/log/logwatch:/bin/false
cron:x:104:104::/:/bin/false
syslogd:x:105:105:/var/empty:/bin/false
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# local0.* any dhcpcd log (even debug) in messages
-cron.none;daemon.*;local0.*;local2.*;*.info;mail.none;authpriv.* -/var/log/messages
+cron.none;daemon.*;local0.*;local2.*;local5.*;*.info;mail.none;authpriv.* -/var/log/messages
# Log crons
#cron.* -/var/log/cron.log
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.97-ipfire Kernel Configuration
+# Linux/arm64 4.14.111-ipfire Kernel Configuration
#
CONFIG_ARM64=y
CONFIG_64BIT=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
# CONFIG_RTL8189ES is not set
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
# CONFIG_ATH5K is not set
# CONFIG_ATH5K_PCI is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH10K_AHB=y
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_ARCH_KASAN=y
# CONFIG_KASAN is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_HAVE_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_LIST=y
+# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_ARM64_PTDUMP_CORE is not set
# CONFIG_ARM64_PTDUMP_DEBUGFS is not set
# CONFIG_PID_IN_CONTEXTIDR is not set
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.97-ipfire-kirkwood Kernel Configuration
+# Linux/arm 4.14.111-ipfire-kirkwood Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
# CONFIG_ADM8211 is not set
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
CONFIG_ATH5K=m
# CONFIG_ATH5K_DEBUG is not set
# CONFIG_ATH5K_TRACER is not set
CONFIG_ATH5K_PCI=y
+# CONFIG_ATH5K_TEST_CHANNELS is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K_BTCOEX_SUPPORT=y
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH6KL_USB=m
# CONFIG_ATH6KL_DEBUG is not set
# CONFIG_ATH6KL_TRACING is not set
+# CONFIG_ATH6KL_REGDOMAIN is not set
CONFIG_AR5523=m
CONFIG_WIL6210=m
CONFIG_WIL6210_ISR_COR=y
CONFIG_ATH10K_AHB=y
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
CONFIG_WCN36XX_DEBUGFS=y
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_HIGHMEM is not set
CONFIG_DEBUG_SHIRQ=y
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_LIST=y
+# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_ARM_PTDUMP is not set
CONFIG_ARM_UNWIND=y
CONFIG_OLD_MCOUNT=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.101-ipfire-multi Kernel Configuration
+# Linux/arm 4.14.111-ipfire-multi Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
CONFIG_GENERIC_IRQ_SHOW=y
CONFIG_GENERIC_IRQ_SHOW_LEVEL=y
CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
+CONFIG_GENERIC_IRQ_MIGRATION=y
CONFIG_HARDIRQS_SW_RESEND=y
CONFIG_GENERIC_IRQ_CHIP=y
CONFIG_IRQ_DOMAIN=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_RTL8189ES=m
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
# CONFIG_ATH5K is not set
# CONFIG_ATH5K_PCI is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH10K_AHB=y
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_DEBUG_HIGHMEM is not set
CONFIG_DEBUG_SHIRQ=y
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_LIST=y
+# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_ARM_PTDUMP is not set
CONFIG_ARM_UNWIND=y
CONFIG_OLD_MCOUNT=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.97-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.111-ipfire Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_ADM8211=m
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
CONFIG_ATH5K=m
CONFIG_ATH5K_DEBUG=y
# CONFIG_ATH5K_TRACER is not set
CONFIG_ATH5K_PCI=y
+# CONFIG_ATH5K_TEST_CHANNELS is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K_BTCOEX_SUPPORT=y
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH10K_PCI=m
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_DEBUG_HIGHMEM is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-CONFIG_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_DEBUG_SHIRQ=y
#
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_X86_VERBOSE_BOOTUP is not set
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.97-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.111-ipfire-pae Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_ADM8211=m
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
CONFIG_ATH5K=m
CONFIG_ATH5K_DEBUG=y
# CONFIG_ATH5K_TRACER is not set
CONFIG_ATH5K_PCI=y
+# CONFIG_ATH5K_TEST_CHANNELS is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K_BTCOEX_SUPPORT=y
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH10K_PCI=m
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_DEBUG_HIGHMEM is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-CONFIG_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_DEBUG_SHIRQ=y
#
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_X86_VERBOSE_BOOTUP is not set
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.97-ipfire Kernel Configuration
+# Linux/x86 4.14.111-ipfire Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_WEXT_SPY=y
CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
-# CONFIG_NL80211_TESTMODE is not set
+CONFIG_NL80211_TESTMODE=y
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
-# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
+CONFIG_CFG80211_CERTIFICATION_ONUS=y
+CONFIG_CFG80211_REG_CELLULAR_HINTS=y
+CONFIG_CFG80211_REG_RELAX_NO_IR=y
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_ADM8211=m
CONFIG_ATH_COMMON=m
CONFIG_WLAN_VENDOR_ATH=y
-# CONFIG_ATH_DEBUG is not set
+CONFIG_ATH_DEBUG=y
+# CONFIG_ATH_TRACEPOINTS is not set
+CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS=y
+CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING=y
CONFIG_ATH5K=m
CONFIG_ATH5K_DEBUG=y
# CONFIG_ATH5K_TRACER is not set
CONFIG_ATH5K_PCI=y
+# CONFIG_ATH5K_TEST_CHANNELS is not set
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K_BTCOEX_SUPPORT=y
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
+CONFIG_ATH9K_DFS_CERTIFIED=y
# CONFIG_ATH9K_DYNACK is not set
# CONFIG_ATH9K_WOW is not set
CONFIG_ATH9K_RFKILL=y
CONFIG_ATH10K_PCI=m
CONFIG_ATH10K_SDIO=m
CONFIG_ATH10K_USB=m
-# CONFIG_ATH10K_DEBUG is not set
+CONFIG_ATH10K_DEBUG=y
# CONFIG_ATH10K_DEBUGFS is not set
# CONFIG_ATH10K_TRACING is not set
+CONFIG_ATH10K_DFS_CERTIFIED=y
CONFIG_WCN36XX=m
# CONFIG_WCN36XX_DEBUGFS is not set
CONFIG_WLAN_VENDOR_ATMEL=y
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_PAGE_POISONING is not set
# CONFIG_DEBUG_PAGE_REF is not set
-CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_RODATA_TEST is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-CONFIG_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_HAVE_ARCH_KASAN=y
# CONFIG_KASAN is not set
CONFIG_ARCH_HAS_KCOV=y
# CONFIG_KCOV is not set
-CONFIG_DEBUG_SHIRQ=y
+# CONFIG_DEBUG_SHIRQ is not set
#
# Debug Lockups and Hangs
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
-CONFIG_DEBUG_LIST=y
+# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_PI_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
# CONFIG_X86_VERBOSE_BOOTUP is not set
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
-CONFIG_DEBUG_BOOT_PARAMS=y
+# CONFIG_DEBUG_BOOT_PARAMS is not set
# CONFIG_CPA_DEBUG is not set
CONFIG_OPTIMIZE_INLINING=y
# CONFIG_DEBUG_ENTRY is not set
# CONFIG_DEBUG_NMI_SELFTEST is not set
-CONFIG_X86_DEBUG_FPU=y
+# CONFIG_X86_DEBUG_FPU is not set
# CONFIG_PUNIT_ATOM_DEBUG is not set
CONFIG_UNWINDER_ORC=y
# CONFIG_UNWINDER_FRAME_POINTER is not set
'title' => "Quality of Service",
'enabled' => 1,
};
- $subservices->{'60.ids'} = {'caption' => $Lang::tr{'intrusion detection'},
- 'enabled' => 1,
- 'uri' => '/cgi-bin/ids.cgi',
- 'title' => "$Lang::tr{'intrusion detection system'}",
- };
$subservices->{'70.extrahd'} = {'caption' => "ExtraHD",
'enabled' => 1,
'uri' => '/cgi-bin/extrahd.cgi',
'title' => "Universal Plug and Play",
'enabled' => 0,
};
+ $subfirewall->{'80.ids'} = {'caption' => $Lang::tr{'intrusion detection'},
+ 'uri' => '/cgi-bin/ids.cgi',
+ 'title' => "$Lang::tr{'intrusion detection system'}",
+ 'enabled' => 1,
+ };
$subfirewall->{'90.iptables'} = {
'caption' => $Lang::tr{'ipts'},
'uri' => '/cgi-bin/iptables.cgi',
--- /dev/null
+# $Id: oinkmaster.conf,v 1.132 2006/02/02 12:05:08 andreas_o Exp $ #
+
+# This file is pretty big by default, but don't worry.
+# The only things required are "path" and "update_files". You must also
+# set "url" to point to the correct rules archive for your version of
+# Snort, unless you prefer to specify this on the command line.
+# The rest in here is just a few recommended defaults, and examples
+# how to use all the other optional features and give some ideas how they
+# could be used.
+
+# Remember not to let untrusted users edit Oinkmaster configuration
+# files, as things like the PATH to use during execution is defined
+# in here.
+
+
+# Use "url = <url>" to specify the location of the rules archive to
+# download. The url must begin with http://, https://, ftp://, file://
+# or scp:// and end with .tar.gz or .tgz, and the file must be a
+# gzipped tarball what contains a directory named "rules".
+# You can also point to a local directory with dir://<directory>.
+# Multiple "url = <url>" lines can be specified to grab multiple rules
+# archives from different locations.
+#
+# Note: if URL is specified on the command line, it overrides all
+# possible URLs specified in the configuration file(s).
+#
+# The location of the official Snort rules you should use depends
+# on which Snort version you run. Basically, you should go to
+# http://www.snort.org/rules/ and follow the instructions
+# there to pick the right URL for your version of Snort
+# (and remember to update the URL when upgrading Snort in the
+# future). You can of course also specify locations to third party
+# rules.
+#
+# As of March 2005, you must register on the Snort site to get access
+# to the official Snort rules. This will get you an "oinkcode".
+# You then specify the URL as
+# http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/<filename>
+# For example, if your code is 5a081649c06a277e1022e1284b and
+# you use Snort 2.4, the url to use would be (without the wrap):
+# http://www.snort.org/pub-bin/oinkmaster.cgi/
+# 5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.4.tar.gz
+# See the Oinkmaster FAQ Q1 and http://www.snort.org/rules/ for
+# more information.
+
+
+# URL examples follows. Replace <oinkcode> with the code you get on the
+# Snort site in your registered user profile.
+
+# Example for Snort 2.4
+# url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
+# url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
+
+# Example for Snort-current ("current" means cvs snapshots).
+#url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
+
+# Example for Community rules
+# url = http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
+
+# Example for rules from the Bleeding Snort project
+# url = http://www.bleedingsnort.com/bleeding.rules.tar.gz
+
+# If you prefer to download the rules archive from outside Oinkmaster,
+# you can then point to the file on your local filesystem by using
+# file://<filename>, for example:
+# url = file:///tmp/snortrules.tar.gz
+
+# In rare cases you may want to grab the rules directly from a
+# local directory (don't confuse this with the output directory).
+# url = dir:///etc/snort/src/rules
+
+# Example to use scp to copy the rules archive from another host.
+# Only OpenSSH is tested. See the FAQ for more information.
+# url = scp://user@somehost.example.com:/somedir/snortrules.tar.gz
+
+# If you use -u scp://... and need to specify a private ssh key (passed
+# as -i <key> to the scp command) you can specify it here or add an
+# entry in ~/.ssh/config for the Oinkmaster user as described in the
+# OpenSSH manual.
+# scp_key = /home/oinkmaster/oinkmaster_privkey
+
+
+# The PATH to use during execution. If you prefer to use external
+# binaries (i.e. use_external_bins=1, see below), tar and gzip must be
+# found, and also wget if downloading via ftp, http or https. All with
+# optional .exe suffix. If you're on Cygwin, make sure that the path
+# contains the Cygwin binaries and not the native Win32 binaries or
+# you will get problems.
+# Assume UNIX style by default:
+path = /bin:/usr/bin:/usr/local/bin
+
+# Example if running native Win32 or standalone Cygwin:
+# path = c:\oinkmaster;c:\oinkmaster\bin
+
+# Example if running standalone Cygwin and you prefer Cygwin style path:
+# path = /cygdrive/c/oinkmaster:/cygdrive/c/oinkmaster/bin
+
+
+# We normally use external binaries (wget, tar and gzip) since they're
+# already available on most systems and do a good job. If you have the
+# Perl modules Archive::Tar, IO::Zlib and LWP::UserAgent, you can use
+# those instead if you like. You can set use_external_bins below to
+# choose which method you prefer. It's set to 0 by default on Win32
+# (i.e. use Perl modules), and 1 on other systems (i.e. use external
+# binaries). The reason for that is that the required Perl modules
+# are included on Windows/ActivePerl 5.8.1+, so it's easier to use
+# those than to install the ported Unix tools. (Note that if you're
+# using scp to download the archive, external scp binary is still
+# used.)
+# use_external_bins = 0
+
+
+# Temporary directory to use. This directory must exist when starting and
+# Oinkmaster will then create a temporary sub directory in here.
+# Keep it as a #comment if you want to use the default.
+# The default will be checked for in the environment variables TMP,
+# TMPDIR or TEMPDIR, or otherwise use "/tmp" if none of them was set.
+
+# Example for UNIX.
+# tmpdir = /home/oinkmaster/tmp/
+
+# Example if running native Win32 or Cygwin.
+# tmpdir = c:\tmp
+
+# Example if running Cygwin and you prefer Cygwin style path.
+# tmpdir = /cygdrive/c/tmp
+
+
+# The umask to use during execution if you want it to be something
+# else than the current value when starting Oinkmaster.
+# This will affect the mode bits when writing new files.
+# Keep it commented out to keep your system's current umask.
+# umask = 0027
+
+
+# Files in the archive(s) matching this regular expression will be
+# checked for changes, and then updated or added if needed.
+# All other files will be ignored. You can then choose to skip
+# individual files by specifying the "skipfile" keyword below.
+# Normally you shouldn't need to change this one.
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+
+# Regexp of keywords that starts a Snort rule.
+# May be useful if you create your own ruletypes and want those
+# lines to be regarded as rules as well.
+# rule_actions = alert|drop|log|pass|reject|sdrop|activate|dynamic
+
+
+# If the number of rules files in the downloaded archive matching the
+# 'update_files' regexp is below min_files, or if the number
+# of rules is below min_rules, the rules are regarded as broken
+# and the update is aborted with an error message.
+# Both are set to 1 by default (i.e. the archive is only regarded as
+# broken if it's totally empty).
+# If you download from multiple URLs, the count is the total number
+# of files/rules across all archives.
+# min_files = 1
+# min_rules = 1
+
+
+# By default, a basic sanity check is performed on most paths/filenames
+# to see if they contain illegal characters that may screw things up.
+# If this check is too strict for your system (e.g. you get bogus
+# "illegal characters in filename" errors because of your local language
+# etc) and you're sure you want to disable the checks completely,
+# set use_path_checks to 0.
+# use_path_checks = 1
+
+
+# If you want Oinkmaster to send a User-Agent HTTP header string
+# other than the default one for wget/LWP, set this variable.
+# user_agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
+
+
+# You can include other files anywhere in here by using
+# "include <file>". <file> will be parsed just like a regular
+# oinkmaster.conf as soon as the include statement is seen, and then
+# return and continue parsing the rest of the original file. If an
+# option is redefined, it will override the previous value. You can use
+# as many "include" statements as you wish, and also include even more
+# files from included files. Example to load stuff from "/etc/foo.conf".
+# include /etc/foo.conf
+
+# Include file for enabled sids.
+include /var/ipfire/suricata/oinkmaster-enabled-sids.conf
+
+# Include file for disabled sids.
+include /var/ipfire/suricata/oinkmaster-disabled-sids.conf
+
+# Include file which defines the runmode of suricata.
+include /var/ipfire/suricata/oinkmaster-modify-sids.conf
+
+#######################################################################
+# Files to totally skip (i.e. never update or check for changes) #
+# #
+# Syntax: skipfile filename #
+# or: skipfile filename1, filename2, filename3, ... #
+#######################################################################
+
+# Ignore local.rules from the rules archive by default since we might
+# have put some local rules in our own local.rules and we don't want it
+# to get overwritten by the empty one from the archive after each
+# update.
+skipfile local.rules
+
+# The file deleted.rules contains rules that have been deleted from
+# other files, so there is usually no point in updating it.
+skipfile deleted.rules
+
+# Also skip snort.conf by default since we don't want to overwrite our
+# own snort.conf if we have it in the same directory as the rules. If
+# you have your own production copy of snort.conf in another directory,
+# it may be really nice to check for changes in this file though,
+# especially since variables are sometimes added or modified and
+# new/old files are included/excluded.
+#skipfile snort.conf
+
+# You may want to consider ignoring threshold.conf for the same reasons
+# as for snort.conf, i.e. if you customize it locally and don't want it
+# to become overwritten by the default one. It may be better to put
+# local thresholding/suppressing in some local file and still update
+# and use the official one though, in case important stuff is added to
+# it some day. We do update it by default, but it's your call.
+# skipfile threshold.conf
+
+# If you update from multiple URLs at the same time you may need to
+# ignore the sid-msg.map (and generate it yourself if you need one) as
+# it's usually included in each rules tarball. See the FAQ for more info.
+# skipfile sid-msg.map
+
+
+
+##########################################################################
+# SIDs to modify after each update (only for the skilled/stupid/brave). #
+# Don't use it unless you have to. There is nothing that stops you from #
+# modifying rules in such ways that they become invalid or generally #
+# break things. You have been warned. #
+# If you just want to disable SIDs, please skip this section and have a #
+# look at the "disablesid" keyword below. #
+# #
+# You may specify multiple modifysid directives for the same SID (they #
+# will be processed in order of appearance), and you may also specify a #
+# list of SIDs on which the substitution should be applied. #
+# If the argument is in the form something.something it's regarded #
+# as a filename and the substitution will apply on all rules in that #
+# file. The wildcard ("*") can be used to apply the substitution on all #
+# rules regardless of the SID or file. Please avoid using #comments #
+# at the end of modifysid lines, they may confuse the parser in some #
+# situations. #
+# #
+# Syntax: #
+# modifysid SID "replacethis" | "withthis" #
+# or: #
+# modifysid SID1, SID2, SID3, ... "replacethis" | "withthis" #
+# or: #
+# modifysid file "replacethis" | "withthis" #
+# or: #
+# modifysid * "replacethis" | "withthis" #
+# #
+# The strings within the quotes will basically be passed to a #
+# s/replacethis/withthis/ statement in Perl, so they must be valid #
+# regular expressions. The strings are case-insensitive and only the #
+# first occurrence will be replaced. If there are multiple occurrences #
+# you want to replace, simply repeat the same modifysid line. #
+# As the strings are regular expressions, you MUST escape special #
+# characters like $ \ / ( ) | by prepending a "\" to them. #
+# #
+# If you specify a modifysid statement for a multi-line rule, Oinkmaster #
+# will first translate the rule into a single-line version and then #
+# perform the substitution, so you don't have to care about the trailing #
+# backslashes and newlines. #
+# #
+# If you use backreference variables in the substitution expression, #
+# it's strongly recommended to specify them as ${1} instead of $1 and so #
+# on, to avoid parsing confusion with unexpected results in some #
+# situations. Note that modifysid statements will process both active #
+# and inactive (disabled) rules. #
+# #
+# You may want to check out README.templates and template-examples.conf #
+# to find how you can simplify the modifysid usage by using templates. #
+##########################################################################
+
+# Example to enable a rule (in this case SID 1325) that is disabled by
+# default, by simply replacing leading "#alert" with "alert".
+# (You should really use 'enablesid' for this though.)
+# Oinkmaster removes whitespaces next to the leading "#" so you don't
+# have to worry about that, but be careful about possible whitespace in
+# other places when writing the regexps.
+# modifysid 1325 "^#alert" | "alert"
+
+# You could also do this to enable it no matter what type of rule it is
+# (alert, log, pass, etc).
+# modifysid 1325 "^#" | ""
+
+# Example to add "tag" stuff to SID 1325.
+# modifysid 1325 "sid:1325;" | "sid:1325; tag: host, src, 300, seconds;"
+
+# Example to make SID 1378 a 'drop' rule (valid if you're running
+# Snort_inline).
+# modifysid 1378 "^alert" | "drop"
+
+# Example to replace first occurrence of $EXTERNAL_NET with $HOME_NET
+# in SID 302.
+# modifysid 302 "\$EXTERNAL_NET" | "\$HOME_NET"
+
+# You can also specify that a substitution should apply on multiple SIDs.
+# modifysid 302,429,1821 "\$EXTERNAL_NET" | "\$HOME_NET"
+
+# You can take advantage of the fact that it's regular expressions and
+# do more complex stuff. This example (for Snort_inline) adds a 'replace'
+# statement to SID 1324 that replaces "/bin/sh" with "/foo/sh".
+# modifysid 1324 "(content\s*:\s*"\/bin\/sh"\s*;)" | \
+# "${1} replace:"\/foo\/sh";"
+
+# If you for some reason would like to add a comment inside the actual
+# rules file, like the reason why you disabled this rule, you can do
+# like this (you would normally add such comments in oinkmaster.conf
+# though).
+# modifysid 1324 "(.+)" | "# 20020101: disabled this rule just for fun:\n#${1}"
+
+# Here is an example that is actually useful. Let's say you don't care
+# about incoming welchia pings (detected by SID 483 at the time of
+# writing) but you want to know when infected hosts on your network
+# scans hosts on the outside. (Remember that watching for outgoing
+# malicious packets is often just as important as watching for incoming
+# ones, especially in this case.) The rule currently looks like
+# "alert icmp $EXTERNAL_NET any -> $HOME_NET any ..."
+# but we want to switch that so it becomes
+# "alert icmp $HOME_NET any -> $EXTERNAL_NET any ...".
+# Here is how it could be done.
+# modifysid 483 \
+# "(.+) \$EXTERNAL_NET (.+) \$HOME_NET (.+)" | \
+# "${1} \$HOME_NET ${2} \$EXTERNAL_NET ${3}"
+
+# The wildcard (modifysid * ...) can be used to do all kinds of
+# interesting things. The substitution expression will be applied on all
+# matching rules. First, a silly example to replace "foo" with "bar" in
+# all rules (that have the string "foo" in them, that is.)
+# modifysid * "foo" | "bar"
+
+# If you for some reason don't want to use the stream preprocessor to
+# match established streams, you may want to replace the 'flow'
+# statement with 'flags:A+;' in all those rules.
+# modifysid * "flow:[a-z,_ ]+;" | "flags:A+;"
+
+# Example to convert all rules of classtype attempted-admin to 'drop'
+# rules (for Snort_inline only, obviously).
+# modifysid * "^alert (.*classtype\s*:\s*attempted-admin)" | "drop ${1}"
+
+# This one will append some text to the 'msg' string for all rules that
+# have the 'tag' keyword in them.
+# modifysid * "(.*msg:\s*".+?)"(\s*;.+;\s*tag:.*)" | \
+# "${1}, going to tag this baby"${2}"
+
+# There may be times when you want to replace multiple occurrences of a
+# certain keyword/string in a rule and not just the first one. To
+# replace the first two occurrences of "foo" with "bar" in SID 100,
+# simply repeat the modifysid statement:
+# modifysid 100 "foo" | "bar"
+# modifysid 100 "foo" | "bar"
+
+# Or you can even specify a SID list but repeat the same SID as many
+# times as required, like:
+# modifysid 100,100,100 "foo" | "bar"
+
+# Enable all rules in the file exploit.rules.
+# modifysid exploit.rules "^#" | ""
+
+# Enable all rules in exploit.rules, icmp-info.rules and also SID 1171.
+# modifysid exploit.rules, snmp.rules, 1171 "^#" | ""
+
+
+
+########################################################################
+# SIDs that we don't want to update. #
+# If you for some reason don't want a specific rule to be updated #
+# (e.g. you made local modifications to it and you never want to #
+# update it and don't care about changes in the official version), you #
+# can specify a "localsid" statement for it. This means that the old #
+# version of the rule (i.e. the one in the rules file on your #
+# harddrive) is always kept, regardless if the official version has #
+# been updated. Please do not use this feature unless in special #
+# cases as it's easy to end up with many signatures that aren't #
+# maintained anymore. See the FAQ for details about this and hints #
+# about better solutions regarding customization of rules. #
+# #
+# Syntax: localsid SID #
+# or: localsid SID1, SID2, SID3, ... #
+########################################################################
+
+# Example to never update SID 1325.
+# localsid 1325
+
+
+
+########################################################################
+# SIDs to enable after each update. #
+# Will simply remove all the leading '#' for a specified SID (if it's #
+# a multi-line rule, the leading '#' for all lines are removed.) #
+# These will be processed after all the modifysid and disablesid #
+# statements. Using 'enablesid' on a rule that is not disabled is a #
+# NOOP. #
+# #
+# Syntax: enablesid SID #
+# or: enablesid SID1, SID2, SID3, ... #
+########################################################################
+
+# Example to enable SID 1325.
+# enablesid 1325
+
+
+
+########################################################################
+# SIDs to comment out, i.e. disable, after each update by placing a #
+# '#' in front of the rule (if it's a multi-line rule, it will be put #
+# in front of all lines). #
+# #
+# Syntax: disablesid SID #
+# or: disablesid SID1, SID2, SID3, ... #
+########################################################################
+
+# You can specify one SID per line.
+# disablesid 1
+# disablesid 2
+# disablesid 3
+
+# And also as comma-separated lists.
+# disablesid 4,5,6
+
+# It's a good idea to also add comment about why you disable the sid:
+# disablesid 1324 # 20020101: disabled this SID just because I can
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-snort
+etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
-etc/rc.d/init.d/snort
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
etc/rc.d/init.d/swap
etc/rc.d/init.d/swconfig
etc/rc.d/init.d/sysctl
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K77conntrackd
-etc/rc.d/rc0.d/K78snort
+etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K77conntrackd
-etc/rc.d/rc6.d/K78snort
+etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
usr/local/bin/settime
usr/local/bin/timecheck
usr/local/bin/timezone-transition
+usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-snort
+etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
-etc/rc.d/init.d/snort
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
etc/rc.d/init.d/swap
etc/rc.d/init.d/swconfig
etc/rc.d/init.d/sysctl
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K77conntrackd
-etc/rc.d/rc0.d/K78snort
+etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K77conntrackd
-etc/rc.d/rc6.d/K78snort
+etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
usr/sbin/convert-dmz
usr/sbin/convert-outgoingfw
usr/sbin/convert-portfw
+usr/sbin/convert-snort
usr/sbin/convert-xtaccess
usr/sbin/firewall-policy
#var/ipfire
var/ipfire/geoip-functions.pl
var/ipfire/graphs.pl
var/ipfire/header.pl
+var/ipfire/ids-functions.pl
var/ipfire/isdn
#var/ipfire/isdn/settings
var/ipfire/key
#var/ipfire/remote/settings
var/ipfire/sensors
#var/ipfire/sensors/settings
-var/ipfire/snort
-#var/ipfire/snort/settings
+var/ipfire/suricata
+#var/ipfire/suricata/settings
var/ipfire/time
#var/ipfire/time/settings
var/ipfire/updatexlrator
+++ /dev/null
-#usr/bin/daq-modules-config
-#usr/include/daq.h
-#usr/include/daq_api.h
-#usr/include/daq_common.h
-#usr/include/sfbpf.h
-#usr/include/sfbpf_dlt.h
-usr/lib/daq
-#usr/lib/daq/daq_afpacket.la
-#usr/lib/daq/daq_afpacket.so
-#usr/lib/daq/daq_dump.la
-#usr/lib/daq/daq_dump.so
-#usr/lib/daq/daq_ipfw.la
-#usr/lib/daq/daq_ipfw.so
-#usr/lib/daq/daq_ipq.la
-#usr/lib/daq/daq_ipq.so
-#usr/lib/daq/daq_nfq.la
-#usr/lib/daq/daq_nfq.so
-#usr/lib/daq/daq_pcap.la
-#usr/lib/daq/daq_pcap.so
-#usr/lib/libdaq.a
-#usr/lib/libdaq.la
-#usr/lib/libdaq.so
-usr/lib/libdaq.so.2
-usr/lib/libdaq.so.2.0.4
-#usr/lib/libdaq_static.a
-#usr/lib/libdaq_static.la
-#usr/lib/libdaq_static_modules.a
-#usr/lib/libdaq_static_modules.la
-#usr/lib/libsfbpf.a
-#usr/lib/libsfbpf.la
-#usr/lib/libsfbpf.so
-usr/lib/libsfbpf.so.0
-usr/lib/libsfbpf.so.0.0.1
#usr/lib/libgnutls.la
#usr/lib/libgnutls.so
usr/lib/libgnutls.so.30
-usr/lib/libgnutls.so.30.14.11
+usr/lib/libgnutls.so.30.23.2
#usr/lib/libgnutlsxx.la
#usr/lib/libgnutlsxx.so
usr/lib/libgnutlsxx.so.28
#usr/share/info/gnutls.info-4
#usr/share/info/gnutls.info-5
#usr/share/info/gnutls.info-6
+#usr/share/info/gnutls.info-7
#usr/share/info/pkcs11-vision.png
#usr/share/locale/cs/LC_MESSAGES/gnutls.mo
#usr/share/locale/de/LC_MESSAGES/gnutls.mo
-#usr/share/locale/en@boldquot/LC_MESSAGES/gnutls.mo
-#usr/share/locale/en@quot/LC_MESSAGES/gnutls.mo
#usr/share/locale/eo/LC_MESSAGES/gnutls.mo
+#usr/share/locale/es/LC_MESSAGES/gnutls.mo
#usr/share/locale/fi/LC_MESSAGES/gnutls.mo
#usr/share/locale/fr/LC_MESSAGES/gnutls.mo
#usr/share/locale/it/LC_MESSAGES/gnutls.mo
#usr/share/locale/ms/LC_MESSAGES/gnutls.mo
#usr/share/locale/nl/LC_MESSAGES/gnutls.mo
#usr/share/locale/pl/LC_MESSAGES/gnutls.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/gnutls.mo
+#usr/share/locale/sr/LC_MESSAGES/gnutls.mo
#usr/share/locale/sv/LC_MESSAGES/gnutls.mo
#usr/share/locale/uk/LC_MESSAGES/gnutls.mo
#usr/share/locale/vi/LC_MESSAGES/gnutls.mo
#usr/share/man/man3/gnutls_aead_cipher_decrypt.3
#usr/share/man/man3/gnutls_aead_cipher_deinit.3
#usr/share/man/man3/gnutls_aead_cipher_encrypt.3
+#usr/share/man/man3/gnutls_aead_cipher_encryptv.3
#usr/share/man/man3/gnutls_aead_cipher_init.3
#usr/share/man/man3/gnutls_alert_get.3
#usr/share/man/man3/gnutls_alert_get_name.3
#usr/share/man/man3/gnutls_anon_set_server_dh_params.3
#usr/share/man/man3/gnutls_anon_set_server_known_dh_params.3
#usr/share/man/man3/gnutls_anon_set_server_params_function.3
+#usr/share/man/man3/gnutls_anti_replay_deinit.3
+#usr/share/man/man3/gnutls_anti_replay_enable.3
+#usr/share/man/man3/gnutls_anti_replay_init.3
+#usr/share/man/man3/gnutls_anti_replay_set_add_function.3
+#usr/share/man/man3/gnutls_anti_replay_set_ptr.3
+#usr/share/man/man3/gnutls_anti_replay_set_window.3
#usr/share/man/man3/gnutls_auth_client_get_type.3
#usr/share/man/man3/gnutls_auth_get_type.3
#usr/share/man/man3/gnutls_auth_server_get_type.3
+#usr/share/man/man3/gnutls_base64_decode2.3
+#usr/share/man/man3/gnutls_base64_encode2.3
#usr/share/man/man3/gnutls_buffer_append_data.3
#usr/share/man/man3/gnutls_bye.3
#usr/share/man/man3/gnutls_certificate_activation_time_peers.3
#usr/share/man/man3/gnutls_certificate_free_keys.3
#usr/share/man/man3/gnutls_certificate_get_crt_raw.3
#usr/share/man/man3/gnutls_certificate_get_issuer.3
+#usr/share/man/man3/gnutls_certificate_get_ocsp_expiration.3
#usr/share/man/man3/gnutls_certificate_get_ours.3
#usr/share/man/man3/gnutls_certificate_get_peers.3
#usr/share/man/man3/gnutls_certificate_get_peers_subkey_id.3
#usr/share/man/man3/gnutls_certificate_set_key.3
#usr/share/man/man3/gnutls_certificate_set_known_dh_params.3
#usr/share/man/man3/gnutls_certificate_set_ocsp_status_request_file.3
+#usr/share/man/man3/gnutls_certificate_set_ocsp_status_request_file2.3
#usr/share/man/man3/gnutls_certificate_set_ocsp_status_request_function.3
#usr/share/man/man3/gnutls_certificate_set_ocsp_status_request_function2.3
+#usr/share/man/man3/gnutls_certificate_set_ocsp_status_request_mem.3
#usr/share/man/man3/gnutls_certificate_set_params_function.3
#usr/share/man/man3/gnutls_certificate_set_pin_function.3
+#usr/share/man/man3/gnutls_certificate_set_rawpk_key_file.3
+#usr/share/man/man3/gnutls_certificate_set_rawpk_key_mem.3
#usr/share/man/man3/gnutls_certificate_set_retrieve_function.3
#usr/share/man/man3/gnutls_certificate_set_retrieve_function2.3
+#usr/share/man/man3/gnutls_certificate_set_retrieve_function3.3
#usr/share/man/man3/gnutls_certificate_set_trust_list.3
#usr/share/man/man3/gnutls_certificate_set_verify_flags.3
#usr/share/man/man3/gnutls_certificate_set_verify_function.3
#usr/share/man/man3/gnutls_certificate_set_x509_trust_file.3
#usr/share/man/man3/gnutls_certificate_set_x509_trust_mem.3
#usr/share/man/man3/gnutls_certificate_type_get.3
+#usr/share/man/man3/gnutls_certificate_type_get2.3
#usr/share/man/man3/gnutls_certificate_type_get_id.3
#usr/share/man/man3/gnutls_certificate_type_get_name.3
#usr/share/man/man3/gnutls_certificate_type_list.3
#usr/share/man/man3/gnutls_crypto_register_digest.3
#usr/share/man/man3/gnutls_crypto_register_mac.3
#usr/share/man/man3/gnutls_db_check_entry.3
+#usr/share/man/man3/gnutls_db_check_entry_expire_time.3
#usr/share/man/man3/gnutls_db_check_entry_time.3
#usr/share/man/man3/gnutls_db_get_default_cache_expiration.3
#usr/share/man/man3/gnutls_db_get_ptr.3
#usr/share/man/man3/gnutls_db_set_retrieve_function.3
#usr/share/man/man3/gnutls_db_set_store_function.3
#usr/share/man/man3/gnutls_decode_ber_digest_info.3
+#usr/share/man/man3/gnutls_decode_gost_rs_value.3
+#usr/share/man/man3/gnutls_decode_rs_value.3
#usr/share/man/man3/gnutls_deinit.3
#usr/share/man/man3/gnutls_dh_get_group.3
#usr/share/man/man3/gnutls_dh_get_peers_public_bits.3
#usr/share/man/man3/gnutls_ecc_curve_get_size.3
#usr/share/man/man3/gnutls_ecc_curve_list.3
#usr/share/man/man3/gnutls_encode_ber_digest_info.3
+#usr/share/man/man3/gnutls_encode_gost_rs_value.3
+#usr/share/man/man3/gnutls_encode_rs_value.3
#usr/share/man/man3/gnutls_error_is_fatal.3
#usr/share/man/man3/gnutls_error_to_alert.3
#usr/share/man/man3/gnutls_est_record_overhead_size.3
+#usr/share/man/man3/gnutls_ext_get_current_msg.3
#usr/share/man/man3/gnutls_ext_get_data.3
#usr/share/man/man3/gnutls_ext_get_name.3
+#usr/share/man/man3/gnutls_ext_raw_parse.3
#usr/share/man/man3/gnutls_ext_register.3
#usr/share/man/man3/gnutls_ext_set_data.3
#usr/share/man/man3/gnutls_fingerprint.3
#usr/share/man/man3/gnutls_fips140_mode_enabled.3
+#usr/share/man/man3/gnutls_fips140_set_mode.3
#usr/share/man/man3/gnutls_global_deinit.3
#usr/share/man/man3/gnutls_global_init.3
#usr/share/man/man3/gnutls_global_set_audit_log_function.3
#usr/share/man/man3/gnutls_global_set_mem_functions.3
#usr/share/man/man3/gnutls_global_set_mutex.3
#usr/share/man/man3/gnutls_global_set_time_function.3
+#usr/share/man/man3/gnutls_gost_paramset_get_name.3
+#usr/share/man/man3/gnutls_gost_paramset_get_oid.3
+#usr/share/man/man3/gnutls_group_get.3
+#usr/share/man/man3/gnutls_group_get_id.3
+#usr/share/man/man3/gnutls_group_get_name.3
+#usr/share/man/man3/gnutls_group_list.3
#usr/share/man/man3/gnutls_handshake.3
#usr/share/man/man3/gnutls_handshake_description_get_name.3
#usr/share/man/man3/gnutls_handshake_get_last_in.3
#usr/share/man/man3/gnutls_ocsp_resp_check_crt.3
#usr/share/man/man3/gnutls_ocsp_resp_deinit.3
#usr/share/man/man3/gnutls_ocsp_resp_export.3
+#usr/share/man/man3/gnutls_ocsp_resp_export2.3
#usr/share/man/man3/gnutls_ocsp_resp_get_certs.3
#usr/share/man/man3/gnutls_ocsp_resp_get_extension.3
#usr/share/man/man3/gnutls_ocsp_resp_get_nonce.3
#usr/share/man/man3/gnutls_ocsp_resp_get_status.3
#usr/share/man/man3/gnutls_ocsp_resp_get_version.3
#usr/share/man/man3/gnutls_ocsp_resp_import.3
+#usr/share/man/man3/gnutls_ocsp_resp_import2.3
#usr/share/man/man3/gnutls_ocsp_resp_init.3
+#usr/share/man/man3/gnutls_ocsp_resp_list_import2.3
#usr/share/man/man3/gnutls_ocsp_resp_print.3
#usr/share/man/man3/gnutls_ocsp_resp_verify.3
#usr/share/man/man3/gnutls_ocsp_resp_verify_direct.3
#usr/share/man/man3/gnutls_ocsp_status_request_enable_client.3
#usr/share/man/man3/gnutls_ocsp_status_request_get.3
+#usr/share/man/man3/gnutls_ocsp_status_request_get2.3
#usr/share/man/man3/gnutls_ocsp_status_request_is_checked.3
#usr/share/man/man3/gnutls_oid_to_digest.3
#usr/share/man/man3/gnutls_oid_to_ecc_curve.3
+#usr/share/man/man3/gnutls_oid_to_gost_paramset.3
#usr/share/man/man3/gnutls_oid_to_mac.3
#usr/share/man/man3/gnutls_oid_to_pk.3
#usr/share/man/man3/gnutls_oid_to_sign.3
#usr/share/man/man3/gnutls_pcert_export_x509.3
#usr/share/man/man3/gnutls_pcert_import_openpgp.3
#usr/share/man/man3/gnutls_pcert_import_openpgp_raw.3
+#usr/share/man/man3/gnutls_pcert_import_rawpk.3
+#usr/share/man/man3/gnutls_pcert_import_rawpk_raw.3
#usr/share/man/man3/gnutls_pcert_import_x509.3
#usr/share/man/man3/gnutls_pcert_import_x509_list.3
#usr/share/man/man3/gnutls_pcert_import_x509_raw.3
+#usr/share/man/man3/gnutls_pcert_list_import_x509_file.3
#usr/share/man/man3/gnutls_pcert_list_import_x509_raw.3
#usr/share/man/man3/gnutls_pem_base64_decode.3
#usr/share/man/man3/gnutls_pem_base64_decode2.3
#usr/share/man/man3/gnutls_pkcs11_obj_get_exts.3
#usr/share/man/man3/gnutls_pkcs11_obj_get_flags.3
#usr/share/man/man3/gnutls_pkcs11_obj_get_info.3
+#usr/share/man/man3/gnutls_pkcs11_obj_get_ptr.3
#usr/share/man/man3/gnutls_pkcs11_obj_get_type.3
#usr/share/man/man3/gnutls_pkcs11_obj_import_url.3
#usr/share/man/man3/gnutls_pkcs11_obj_init.3
#usr/share/man/man3/gnutls_pkcs11_reinit.3
#usr/share/man/man3/gnutls_pkcs11_set_pin_function.3
#usr/share/man/man3/gnutls_pkcs11_set_token_function.3
+#usr/share/man/man3/gnutls_pkcs11_token_check_mechanism.3
#usr/share/man/man3/gnutls_pkcs11_token_get_flags.3
#usr/share/man/man3/gnutls_pkcs11_token_get_info.3
#usr/share/man/man3/gnutls_pkcs11_token_get_mechanism.3
+#usr/share/man/man3/gnutls_pkcs11_token_get_ptr.3
#usr/share/man/man3/gnutls_pkcs11_token_get_random.3
#usr/share/man/man3/gnutls_pkcs11_token_get_url.3
#usr/share/man/man3/gnutls_pkcs11_token_init.3
#usr/share/man/man3/gnutls_prf_raw.3
#usr/share/man/man3/gnutls_prf_rfc5705.3
#usr/share/man/man3/gnutls_priority_certificate_type_list.3
+#usr/share/man/man3/gnutls_priority_certificate_type_list2.3
#usr/share/man/man3/gnutls_priority_cipher_list.3
#usr/share/man/man3/gnutls_priority_compression_list.3
#usr/share/man/man3/gnutls_priority_deinit.3
#usr/share/man/man3/gnutls_priority_ecc_curve_list.3
#usr/share/man/man3/gnutls_priority_get_cipher_suite_index.3
+#usr/share/man/man3/gnutls_priority_group_list.3
#usr/share/man/man3/gnutls_priority_init.3
+#usr/share/man/man3/gnutls_priority_init2.3
#usr/share/man/man3/gnutls_priority_kx_list.3
#usr/share/man/man3/gnutls_priority_mac_list.3
#usr/share/man/man3/gnutls_priority_protocol_list.3
#usr/share/man/man3/gnutls_priority_sign_list.3
#usr/share/man/man3/gnutls_priority_string_list.3
#usr/share/man/man3/gnutls_privkey_decrypt_data.3
+#usr/share/man/man3/gnutls_privkey_decrypt_data2.3
#usr/share/man/man3/gnutls_privkey_deinit.3
#usr/share/man/man3/gnutls_privkey_export_dsa_raw.3
+#usr/share/man/man3/gnutls_privkey_export_dsa_raw2.3
#usr/share/man/man3/gnutls_privkey_export_ecc_raw.3
+#usr/share/man/man3/gnutls_privkey_export_ecc_raw2.3
+#usr/share/man/man3/gnutls_privkey_export_gost_raw2.3
#usr/share/man/man3/gnutls_privkey_export_openpgp.3
#usr/share/man/man3/gnutls_privkey_export_pkcs11.3
#usr/share/man/man3/gnutls_privkey_export_rsa_raw.3
+#usr/share/man/man3/gnutls_privkey_export_rsa_raw2.3
#usr/share/man/man3/gnutls_privkey_export_x509.3
#usr/share/man/man3/gnutls_privkey_generate.3
#usr/share/man/man3/gnutls_privkey_generate2.3
#usr/share/man/man3/gnutls_privkey_get_pk_algorithm.3
#usr/share/man/man3/gnutls_privkey_get_seed.3
+#usr/share/man/man3/gnutls_privkey_get_spki.3
#usr/share/man/man3/gnutls_privkey_get_type.3
#usr/share/man/man3/gnutls_privkey_import_dsa_raw.3
#usr/share/man/man3/gnutls_privkey_import_ecc_raw.3
#usr/share/man/man3/gnutls_privkey_import_ext.3
#usr/share/man/man3/gnutls_privkey_import_ext2.3
#usr/share/man/man3/gnutls_privkey_import_ext3.3
+#usr/share/man/man3/gnutls_privkey_import_ext4.3
+#usr/share/man/man3/gnutls_privkey_import_gost_raw.3
#usr/share/man/man3/gnutls_privkey_import_openpgp.3
#usr/share/man/man3/gnutls_privkey_import_openpgp_raw.3
#usr/share/man/man3/gnutls_privkey_import_pkcs11.3
#usr/share/man/man3/gnutls_privkey_init.3
#usr/share/man/man3/gnutls_privkey_set_flags.3
#usr/share/man/man3/gnutls_privkey_set_pin_function.3
+#usr/share/man/man3/gnutls_privkey_set_spki.3
#usr/share/man/man3/gnutls_privkey_sign_data.3
+#usr/share/man/man3/gnutls_privkey_sign_data2.3
#usr/share/man/man3/gnutls_privkey_sign_hash.3
+#usr/share/man/man3/gnutls_privkey_sign_hash2.3
#usr/share/man/man3/gnutls_privkey_status.3
#usr/share/man/man3/gnutls_privkey_verify_params.3
#usr/share/man/man3/gnutls_privkey_verify_seed.3
#usr/share/man/man3/gnutls_pubkey_export.3
#usr/share/man/man3/gnutls_pubkey_export2.3
#usr/share/man/man3/gnutls_pubkey_export_dsa_raw.3
+#usr/share/man/man3/gnutls_pubkey_export_dsa_raw2.3
#usr/share/man/man3/gnutls_pubkey_export_ecc_raw.3
+#usr/share/man/man3/gnutls_pubkey_export_ecc_raw2.3
#usr/share/man/man3/gnutls_pubkey_export_ecc_x962.3
+#usr/share/man/man3/gnutls_pubkey_export_gost_raw2.3
#usr/share/man/man3/gnutls_pubkey_export_rsa_raw.3
+#usr/share/man/man3/gnutls_pubkey_export_rsa_raw2.3
#usr/share/man/man3/gnutls_pubkey_get_key_id.3
#usr/share/man/man3/gnutls_pubkey_get_key_usage.3
#usr/share/man/man3/gnutls_pubkey_get_openpgp_key_id.3
#usr/share/man/man3/gnutls_pubkey_get_pk_algorithm.3
#usr/share/man/man3/gnutls_pubkey_get_preferred_hash_algorithm.3
+#usr/share/man/man3/gnutls_pubkey_get_spki.3
#usr/share/man/man3/gnutls_pubkey_import.3
#usr/share/man/man3/gnutls_pubkey_import_dsa_raw.3
#usr/share/man/man3/gnutls_pubkey_import_ecc_raw.3
#usr/share/man/man3/gnutls_pubkey_import_ecc_x962.3
+#usr/share/man/man3/gnutls_pubkey_import_gost_raw.3
#usr/share/man/man3/gnutls_pubkey_import_openpgp.3
#usr/share/man/man3/gnutls_pubkey_import_openpgp_raw.3
#usr/share/man/man3/gnutls_pubkey_import_pkcs11.3
#usr/share/man/man3/gnutls_pubkey_print.3
#usr/share/man/man3/gnutls_pubkey_set_key_usage.3
#usr/share/man/man3/gnutls_pubkey_set_pin_function.3
+#usr/share/man/man3/gnutls_pubkey_set_spki.3
#usr/share/man/man3/gnutls_pubkey_verify_data2.3
#usr/share/man/man3/gnutls_pubkey_verify_hash2.3
#usr/share/man/man3/gnutls_pubkey_verify_params.3
#usr/share/man/man3/gnutls_random_art.3
#usr/share/man/man3/gnutls_range_split.3
+#usr/share/man/man3/gnutls_reauth.3
#usr/share/man/man3/gnutls_record_can_use_length_hiding.3
#usr/share/man/man3/gnutls_record_check_corked.3
#usr/share/man/man3/gnutls_record_check_pending.3
#usr/share/man/man3/gnutls_record_discard_queued.3
#usr/share/man/man3/gnutls_record_get_direction.3
#usr/share/man/man3/gnutls_record_get_discarded.3
+#usr/share/man/man3/gnutls_record_get_max_early_data_size.3
#usr/share/man/man3/gnutls_record_get_max_size.3
#usr/share/man/man3/gnutls_record_get_state.3
#usr/share/man/man3/gnutls_record_overhead_size.3
#usr/share/man/man3/gnutls_record_recv.3
+#usr/share/man/man3/gnutls_record_recv_early_data.3
#usr/share/man/man3/gnutls_record_recv_packet.3
#usr/share/man/man3/gnutls_record_recv_seq.3
#usr/share/man/man3/gnutls_record_send.3
+#usr/share/man/man3/gnutls_record_send2.3
+#usr/share/man/man3/gnutls_record_send_early_data.3
#usr/share/man/man3/gnutls_record_send_range.3
+#usr/share/man/man3/gnutls_record_set_max_early_data_size.3
#usr/share/man/man3/gnutls_record_set_max_size.3
#usr/share/man/man3/gnutls_record_set_state.3
#usr/share/man/man3/gnutls_record_set_timeout.3
#usr/share/man/man3/gnutls_session_get_random.3
#usr/share/man/man3/gnutls_session_get_verify_cert_status.3
#usr/share/man/man3/gnutls_session_is_resumed.3
+#usr/share/man/man3/gnutls_session_key_update.3
#usr/share/man/man3/gnutls_session_resumption_requested.3
#usr/share/man/man3/gnutls_session_set_data.3
#usr/share/man/man3/gnutls_session_set_id.3
#usr/share/man/man3/gnutls_session_ticket_enable_client.3
#usr/share/man/man3/gnutls_session_ticket_enable_server.3
#usr/share/man/man3/gnutls_session_ticket_key_generate.3
+#usr/share/man/man3/gnutls_session_ticket_send.3
#usr/share/man/man3/gnutls_set_default_priority.3
+#usr/share/man/man3/gnutls_set_default_priority_append.3
#usr/share/man/man3/gnutls_sign_algorithm_get.3
#usr/share/man/man3/gnutls_sign_algorithm_get_client.3
#usr/share/man/man3/gnutls_sign_algorithm_get_requested.3
#usr/share/man/man3/gnutls_sign_get_oid.3
#usr/share/man/man3/gnutls_sign_get_pk_algorithm.3
#usr/share/man/man3/gnutls_sign_is_secure.3
+#usr/share/man/man3/gnutls_sign_is_secure2.3
#usr/share/man/man3/gnutls_sign_list.3
+#usr/share/man/man3/gnutls_sign_supports_pk_algorithm.3
#usr/share/man/man3/gnutls_srp_allocate_client_credentials.3
#usr/share/man/man3/gnutls_srp_allocate_server_credentials.3
#usr/share/man/man3/gnutls_srp_base64_decode.3
#usr/share/man/man3/gnutls_x509_crq_get_private_key_usage_period.3
#usr/share/man/man3/gnutls_x509_crq_get_signature_algorithm.3
#usr/share/man/man3/gnutls_x509_crq_get_signature_oid.3
+#usr/share/man/man3/gnutls_x509_crq_get_spki.3
#usr/share/man/man3/gnutls_x509_crq_get_subject_alt_name.3
#usr/share/man/man3/gnutls_x509_crq_get_subject_alt_othername_oid.3
#usr/share/man/man3/gnutls_x509_crq_get_tlsfeatures.3
#usr/share/man/man3/gnutls_x509_crq_set_key_usage.3
#usr/share/man/man3/gnutls_x509_crq_set_private_key_usage_period.3
#usr/share/man/man3/gnutls_x509_crq_set_pubkey.3
+#usr/share/man/man3/gnutls_x509_crq_set_spki.3
#usr/share/man/man3/gnutls_x509_crq_set_subject_alt_name.3
#usr/share/man/man3/gnutls_x509_crq_set_subject_alt_othername.3
#usr/share/man/man3/gnutls_x509_crq_set_tlsfeatures.3
#usr/share/man/man3/gnutls_x509_crt_check_email.3
#usr/share/man/man3/gnutls_x509_crt_check_hostname.3
#usr/share/man/man3/gnutls_x509_crt_check_hostname2.3
+#usr/share/man/man3/gnutls_x509_crt_check_ip.3
#usr/share/man/man3/gnutls_x509_crt_check_issuer.3
#usr/share/man/man3/gnutls_x509_crt_check_key_purpose.3
#usr/share/man/man3/gnutls_x509_crt_check_revocation.3
#usr/share/man/man3/gnutls_x509_crt_get_extension_info.3
#usr/share/man/man3/gnutls_x509_crt_get_extension_oid.3
#usr/share/man/man3/gnutls_x509_crt_get_fingerprint.3
+#usr/share/man/man3/gnutls_x509_crt_get_inhibit_anypolicy.3
#usr/share/man/man3/gnutls_x509_crt_get_issuer.3
#usr/share/man/man3/gnutls_x509_crt_get_issuer_alt_name.3
#usr/share/man/man3/gnutls_x509_crt_get_issuer_alt_name2.3
#usr/share/man/man3/gnutls_x509_crt_get_pk_algorithm.3
#usr/share/man/man3/gnutls_x509_crt_get_pk_dsa_raw.3
#usr/share/man/man3/gnutls_x509_crt_get_pk_ecc_raw.3
+#usr/share/man/man3/gnutls_x509_crt_get_pk_gost_raw.3
#usr/share/man/man3/gnutls_x509_crt_get_pk_oid.3
#usr/share/man/man3/gnutls_x509_crt_get_pk_rsa_raw.3
#usr/share/man/man3/gnutls_x509_crt_get_policy.3
#usr/share/man/man3/gnutls_x509_crt_get_signature.3
#usr/share/man/man3/gnutls_x509_crt_get_signature_algorithm.3
#usr/share/man/man3/gnutls_x509_crt_get_signature_oid.3
+#usr/share/man/man3/gnutls_x509_crt_get_spki.3
#usr/share/man/man3/gnutls_x509_crt_get_subject.3
#usr/share/man/man3/gnutls_x509_crt_get_subject_alt_name.3
#usr/share/man/man3/gnutls_x509_crt_get_subject_alt_name2.3
#usr/share/man/man3/gnutls_x509_crt_list_import.3
#usr/share/man/man3/gnutls_x509_crt_list_import2.3
#usr/share/man/man3/gnutls_x509_crt_list_import_pkcs11.3
+#usr/share/man/man3/gnutls_x509_crt_list_import_url.3
#usr/share/man/man3/gnutls_x509_crt_list_verify.3
#usr/share/man/man3/gnutls_x509_crt_print.3
#usr/share/man/man3/gnutls_x509_crt_privkey_sign.3
#usr/share/man/man3/gnutls_x509_crt_set_dn_by_oid.3
#usr/share/man/man3/gnutls_x509_crt_set_expiration_time.3
#usr/share/man/man3/gnutls_x509_crt_set_extension_by_oid.3
+#usr/share/man/man3/gnutls_x509_crt_set_flags.3
+#usr/share/man/man3/gnutls_x509_crt_set_inhibit_anypolicy.3
#usr/share/man/man3/gnutls_x509_crt_set_issuer_alt_name.3
#usr/share/man/man3/gnutls_x509_crt_set_issuer_alt_othername.3
#usr/share/man/man3/gnutls_x509_crt_set_issuer_dn.3
#usr/share/man/man3/gnutls_x509_crt_set_proxy_dn.3
#usr/share/man/man3/gnutls_x509_crt_set_pubkey.3
#usr/share/man/man3/gnutls_x509_crt_set_serial.3
+#usr/share/man/man3/gnutls_x509_crt_set_spki.3
#usr/share/man/man3/gnutls_x509_crt_set_subject_alt_name.3
#usr/share/man/man3/gnutls_x509_crt_set_subject_alt_othername.3
#usr/share/man/man3/gnutls_x509_crt_set_subject_alternative_name.3
#usr/share/man/man3/gnutls_x509_ext_export_authority_key_id.3
#usr/share/man/man3/gnutls_x509_ext_export_basic_constraints.3
#usr/share/man/man3/gnutls_x509_ext_export_crl_dist_points.3
+#usr/share/man/man3/gnutls_x509_ext_export_inhibit_anypolicy.3
#usr/share/man/man3/gnutls_x509_ext_export_key_purposes.3
#usr/share/man/man3/gnutls_x509_ext_export_key_usage.3
#usr/share/man/man3/gnutls_x509_ext_export_name_constraints.3
#usr/share/man/man3/gnutls_x509_ext_import_authority_key_id.3
#usr/share/man/man3/gnutls_x509_ext_import_basic_constraints.3
#usr/share/man/man3/gnutls_x509_ext_import_crl_dist_points.3
+#usr/share/man/man3/gnutls_x509_ext_import_inhibit_anypolicy.3
#usr/share/man/man3/gnutls_x509_ext_import_key_purposes.3
#usr/share/man/man3/gnutls_x509_ext_import_key_usage.3
#usr/share/man/man3/gnutls_x509_ext_import_name_constraints.3
#usr/share/man/man3/gnutls_x509_privkey_export2_pkcs8.3
#usr/share/man/man3/gnutls_x509_privkey_export_dsa_raw.3
#usr/share/man/man3/gnutls_x509_privkey_export_ecc_raw.3
+#usr/share/man/man3/gnutls_x509_privkey_export_gost_raw.3
#usr/share/man/man3/gnutls_x509_privkey_export_pkcs8.3
#usr/share/man/man3/gnutls_x509_privkey_export_rsa_raw.3
#usr/share/man/man3/gnutls_x509_privkey_export_rsa_raw2.3
#usr/share/man/man3/gnutls_x509_privkey_get_pk_algorithm.3
#usr/share/man/man3/gnutls_x509_privkey_get_pk_algorithm2.3
#usr/share/man/man3/gnutls_x509_privkey_get_seed.3
+#usr/share/man/man3/gnutls_x509_privkey_get_spki.3
#usr/share/man/man3/gnutls_x509_privkey_import.3
#usr/share/man/man3/gnutls_x509_privkey_import2.3
#usr/share/man/man3/gnutls_x509_privkey_import_dsa_raw.3
#usr/share/man/man3/gnutls_x509_privkey_import_ecc_raw.3
+#usr/share/man/man3/gnutls_x509_privkey_import_gost_raw.3
#usr/share/man/man3/gnutls_x509_privkey_import_openssl.3
#usr/share/man/man3/gnutls_x509_privkey_import_pkcs8.3
#usr/share/man/man3/gnutls_x509_privkey_import_rsa_raw.3
#usr/share/man/man3/gnutls_x509_privkey_sec_param.3
#usr/share/man/man3/gnutls_x509_privkey_set_flags.3
#usr/share/man/man3/gnutls_x509_privkey_set_pin_function.3
+#usr/share/man/man3/gnutls_x509_privkey_set_spki.3
#usr/share/man/man3/gnutls_x509_privkey_sign_data.3
#usr/share/man/man3/gnutls_x509_privkey_sign_hash.3
#usr/share/man/man3/gnutls_x509_privkey_verify_params.3
#usr/share/man/man3/gnutls_x509_rdn_get2.3
#usr/share/man/man3/gnutls_x509_rdn_get_by_oid.3
#usr/share/man/man3/gnutls_x509_rdn_get_oid.3
+#usr/share/man/man3/gnutls_x509_spki_deinit.3
+#usr/share/man/man3/gnutls_x509_spki_get_rsa_pss_params.3
+#usr/share/man/man3/gnutls_x509_spki_init.3
+#usr/share/man/man3/gnutls_x509_spki_set_rsa_pss_params.3
#usr/share/man/man3/gnutls_x509_tlsfeatures_add.3
#usr/share/man/man3/gnutls_x509_tlsfeatures_check_crt.3
#usr/share/man/man3/gnutls_x509_tlsfeatures_deinit.3
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-snort
+etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
-etc/rc.d/init.d/snort
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
etc/rc.d/init.d/swap
etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K77conntrackd
-etc/rc.d/rc0.d/K78snort
+etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K77conntrackd
-etc/rc.d/rc6.d/K78snort
+etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
--- /dev/null
+var/ipfire/suricata/ruleset-sources
--- /dev/null
+#usr/bin/captest
+#usr/bin/filecap
+#usr/bin/netcap
+#usr/bin/pscap
+#usr/include/cap-ng.h
+#usr/lib/libcap-ng.la
+#usr/lib/libcap-ng.so
+usr/lib/libcap-ng.so.0
+usr/lib/libcap-ng.so.0.0.0
+#usr/lib/pkgconfig/libcap-ng.pc
+#usr/lib/python2.7/site-packages/_capng.la
+#usr/lib/python2.7/site-packages/_capng.so
+#usr/lib/python2.7/site-packages/capng.py
+#usr/lib/python2.7/site-packages/capng.pyc
+#usr/lib/python2.7/site-packages/capng.pyo
+#usr/lib/python3.6/site-packages/__pycache__/capng.cpython-36.opt-1.pyc
+#usr/lib/python3.6/site-packages/__pycache__/capng.cpython-36.pyc
+#usr/lib/python3.6/site-packages/_capng.la
+#usr/lib/python3.6/site-packages/_capng.so
+#usr/lib/python3.6/site-packages/capng.py
+#usr/share/aclocal/cap-ng.m4
+#usr/share/man/man3/capng_apply.3
+#usr/share/man/man3/capng_capability_to_name.3
+#usr/share/man/man3/capng_change_id.3
+#usr/share/man/man3/capng_clear.3
+#usr/share/man/man3/capng_fill.3
+#usr/share/man/man3/capng_get_caps_fd.3
+#usr/share/man/man3/capng_get_caps_process.3
+#usr/share/man/man3/capng_have_capabilities.3
+#usr/share/man/man3/capng_have_capability.3
+#usr/share/man/man3/capng_lock.3
+#usr/share/man/man3/capng_name_to_capability.3
+#usr/share/man/man3/capng_print_caps_numeric.3
+#usr/share/man/man3/capng_print_caps_text.3
+#usr/share/man/man3/capng_restore_state.3
+#usr/share/man/man3/capng_save_state.3
+#usr/share/man/man3/capng_set_caps_fd.3
+#usr/share/man/man3/capng_setpid.3
+#usr/share/man/man3/capng_update.3
+#usr/share/man/man3/capng_updatev.3
+#usr/share/man/man8/captest.8
+#usr/share/man/man8/filecap.8
+#usr/share/man/man8/netcap.8
+#usr/share/man/man8/pscap.8
--- /dev/null
+#usr/include/htp
+#usr/include/htp/bstr.h
+#usr/include/htp/bstr_builder.h
+#usr/include/htp/htp.h
+#usr/include/htp/htp_base64.h
+#usr/include/htp/htp_config.h
+#usr/include/htp/htp_connection_parser.h
+#usr/include/htp/htp_core.h
+#usr/include/htp/htp_decompressors.h
+#usr/include/htp/htp_hooks.h
+#usr/include/htp/htp_list.h
+#usr/include/htp/htp_multipart.h
+#usr/include/htp/htp_table.h
+#usr/include/htp/htp_transaction.h
+#usr/include/htp/htp_urlencoded.h
+#usr/include/htp/htp_utf8_decoder.h
+#usr/include/htp/htp_version.h
+#usr/lib/libhtp.la
+#usr/lib/libhtp.so
+usr/lib/libhtp.so.2
+usr/lib/libhtp.so.2.0.0
+#usr/lib/pkgconfig/htp.pc
#usr/local/bin/sambactrl
usr/local/bin/setaliases
usr/local/bin/smartctrl
-usr/local/bin/snortctrl
usr/local/bin/squidctrl
+usr/local/bin/suricatactrl
usr/local/bin/sshctrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/include/nettle/cast128.h
#usr/include/nettle/cbc.h
#usr/include/nettle/ccm.h
+#usr/include/nettle/cfb.h
#usr/include/nettle/chacha-poly1305.h
#usr/include/nettle/chacha.h
#usr/include/nettle/ctr.h
#usr/include/nettle/eddsa.h
#usr/include/nettle/gcm.h
#usr/include/nettle/gosthash94.h
+#usr/include/nettle/hkdf.h
#usr/include/nettle/hmac.h
#usr/include/nettle/knuth-lfib.h
#usr/include/nettle/macros.h
#usr/include/nettle/pgp.h
#usr/include/nettle/pkcs1.h
#usr/include/nettle/poly1305.h
+#usr/include/nettle/pss-mgf1.h
+#usr/include/nettle/pss.h
#usr/include/nettle/realloc.h
#usr/include/nettle/ripemd160.h
#usr/include/nettle/rsa.h
#usr/include/nettle/yarrow.h
usr/lib/libhogweed.so
usr/lib/libhogweed.so.4
-usr/lib/libhogweed.so.4.3
+usr/lib/libhogweed.so.4.5
#usr/lib/libnettle.so
usr/lib/libnettle.so.6
-usr/lib/libnettle.so.6.3
+usr/lib/libnettle.so.6.5
#usr/lib/pkgconfig/hogweed.pc
#usr/lib/pkgconfig/nettle.pc
usr/local/bin/oinkmaster.pl
-var/ipfire/snort/oinkmaster.conf
+var/ipfire/suricata/oinkmaster.conf
#usr/lib/librrd.la
#usr/lib/librrd.so
usr/lib/librrd.so.8
-usr/lib/librrd.so.8.0.0
+usr/lib/librrd.so.8.2.0
usr/lib/perl5/site_perl/5.12.3/RRDp.pm
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/RRDs.pm
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDp
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.bs
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so
#usr/lib/pkgconfig/librrd.pc
-#usr/share/doc/rrdtool-1.6.0
-#usr/share/doc/rrdtool-1.6.0/html
-#usr/share/doc/rrdtool-1.6.0/html/RRDp.html
-#usr/share/doc/rrdtool-1.6.0/html/RRDs.html
-#usr/share/doc/rrdtool-1.6.0/html/bin_dec_hex.html
-#usr/share/doc/rrdtool-1.6.0/html/cdeftutorial.html
-#usr/share/doc/rrdtool-1.6.0/html/index.html
-#usr/share/doc/rrdtool-1.6.0/html/librrd.html
-#usr/share/doc/rrdtool-1.6.0/html/rpntutorial.html
-#usr/share/doc/rrdtool-1.6.0/html/rrd-beginners.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdbuild.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdcached.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdcgi.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdcreate.html
-#usr/share/doc/rrdtool-1.6.0/html/rrddump.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdfetch.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdfirst.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdflushcached.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdgraph.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdgraph_data.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdgraph_examples.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdgraph_graph.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdgraph_rpn.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdinfo.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdlast.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdlastupdate.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdlua.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdresize.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdrestore.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdthreads.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdtool.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdtune.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdtutorial.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdupdate.html
-#usr/share/doc/rrdtool-1.6.0/html/rrdxport.html
-#usr/share/doc/rrdtool-1.6.0/txt
-#usr/share/doc/rrdtool-1.6.0/txt/bin_dec_hex.pod
-#usr/share/doc/rrdtool-1.6.0/txt/bin_dec_hex.txt
-#usr/share/doc/rrdtool-1.6.0/txt/cdeftutorial.pod
-#usr/share/doc/rrdtool-1.6.0/txt/cdeftutorial.txt
-#usr/share/doc/rrdtool-1.6.0/txt/librrd.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rpntutorial.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rpntutorial.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrd-beginners.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrd-beginners.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdbuild.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdbuild.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcached.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcached.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcgi.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcgi.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcreate.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdcreate.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrddump.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrddump.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdfetch.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdfetch.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdfirst.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdfirst.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdflushcached.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdflushcached.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_data.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_data.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_examples.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_examples.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_graph.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_graph.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_rpn.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdgraph_rpn.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdinfo.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdinfo.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlast.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlast.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlastupdate.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlastupdate.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlua.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdlua.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdresize.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdresize.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdrestore.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdrestore.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdthreads.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdthreads.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtool.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtool.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtune.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtune.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtutorial.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdtutorial.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdupdate.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdupdate.txt
-#usr/share/doc/rrdtool-1.6.0/txt/rrdxport.pod
-#usr/share/doc/rrdtool-1.6.0/txt/rrdxport.txt
+#usr/share/doc/rrdtool-1.7.1
+#usr/share/doc/rrdtool-1.7.1/html
+#usr/share/doc/rrdtool-1.7.1/html/RRDp.html
+#usr/share/doc/rrdtool-1.7.1/html/RRDs.html
+#usr/share/doc/rrdtool-1.7.1/html/bin_dec_hex.html
+#usr/share/doc/rrdtool-1.7.1/html/cdeftutorial.html
+#usr/share/doc/rrdtool-1.7.1/html/index.html
+#usr/share/doc/rrdtool-1.7.1/html/librrd.html
+#usr/share/doc/rrdtool-1.7.1/html/rpntutorial.html
+#usr/share/doc/rrdtool-1.7.1/html/rrd-beginners.html
+#usr/share/doc/rrdtool-1.7.1/html/rrd_pdpcalc.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdbuild.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdcached.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdcgi.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdcreate.html
+#usr/share/doc/rrdtool-1.7.1/html/rrddump.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdfetch.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdfirst.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdflushcached.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdgraph.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdgraph_data.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdgraph_examples.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdgraph_graph.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdgraph_rpn.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdinfo.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdlast.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdlastupdate.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdlist.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdlua.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdresize.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdrestore.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdthreads.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdtool.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdtune.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdtutorial.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdupdate.html
+#usr/share/doc/rrdtool-1.7.1/html/rrdxport.html
+#usr/share/doc/rrdtool-1.7.1/txt
+#usr/share/doc/rrdtool-1.7.1/txt/bin_dec_hex.pod
+#usr/share/doc/rrdtool-1.7.1/txt/bin_dec_hex.txt
+#usr/share/doc/rrdtool-1.7.1/txt/cdeftutorial.pod
+#usr/share/doc/rrdtool-1.7.1/txt/cdeftutorial.txt
+#usr/share/doc/rrdtool-1.7.1/txt/librrd.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rpntutorial.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rpntutorial.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrd-beginners.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrd-beginners.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrd_pdpcalc.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrd_pdpcalc.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdbuild.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdbuild.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcached.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcached.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcgi.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcgi.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcreate.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdcreate.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrddump.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrddump.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdfetch.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdfetch.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdfirst.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdfirst.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdflushcached.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdflushcached.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_data.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_data.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_examples.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_examples.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_graph.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_graph.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_rpn.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdgraph_rpn.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdinfo.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdinfo.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlast.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlast.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlastupdate.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlastupdate.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlist.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlist.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlua.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdlua.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdresize.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdresize.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdrestore.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdrestore.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdthreads.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdthreads.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtool.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtool.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtune.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtune.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtutorial.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdtutorial.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdupdate.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdupdate.txt
+#usr/share/doc/rrdtool-1.7.1/txt/rrdxport.pod
+#usr/share/doc/rrdtool-1.7.1/txt/rrdxport.txt
+#usr/share/locale/fr/LC_MESSAGES/rrdtool.mo
+#usr/share/locale/hu/LC_MESSAGES/rrdtool.mo
#usr/share/man/man1/bin_dec_hex.1
#usr/share/man/man1/cdeftutorial.1
#usr/share/man/man1/rpntutorial.1
#usr/share/man/man1/rrd-beginners.1
+#usr/share/man/man1/rrd_pdpcalc.1
#usr/share/man/man1/rrdbuild.1
#usr/share/man/man1/rrdcached.1
#usr/share/man/man1/rrdcgi.1
#usr/share/man/man1/rrdinfo.1
#usr/share/man/man1/rrdlast.1
#usr/share/man/man1/rrdlastupdate.1
-#usr/share/man/man1/rrdlua.1
+#usr/share/man/man1/rrdlist.1
#usr/share/man/man1/rrdresize.1
#usr/share/man/man1/rrdrestore.1
#usr/share/man/man1/rrdthreads.1
#usr/share/rrdtool/examples/stripes.pl
#usr/share/rrdtool/examples/stripes.py
var/log/rrd
+usr/lib/collectd/rrdcached.so
+usr/lib/collectd/rrdtool.so
+++ /dev/null
-#etc/snort
-etc/snort/rules
-#etc/snort/rules/classification.config
-#etc/snort/rules/reference.config
-etc/snort/snort.conf
-etc/snort/snort.conf.template
-etc/snort/unicode.map
-usr/bin/u2boat
-usr/bin/u2spewfoo
-#usr/include/snort
-#usr/include/snort/dynamic_output
-#usr/include/snort/dynamic_output/bitop.h
-#usr/include/snort/dynamic_output/ipv6_port.h
-#usr/include/snort/dynamic_output/obfuscation.h
-#usr/include/snort/dynamic_output/output_api.h
-#usr/include/snort/dynamic_output/output_common.h
-#usr/include/snort/dynamic_output/output_lib.h
-#usr/include/snort/dynamic_output/preprocids.h
-#usr/include/snort/dynamic_output/sfPolicy.h
-#usr/include/snort/dynamic_output/sf_dynamic_common.h
-#usr/include/snort/dynamic_output/sf_ip.h
-#usr/include/snort/dynamic_output/sf_protocols.h
-#usr/include/snort/dynamic_output/sf_snort_packet.h
-#usr/include/snort/dynamic_output/sfrt.h
-#usr/include/snort/dynamic_output/sfrt_dir.h
-#usr/include/snort/dynamic_output/sfrt_trie.h
-#usr/include/snort/dynamic_output/snort_debug.h
-#usr/include/snort/dynamic_output/stream_api.h
-#usr/include/snort/dynamic_preproc
-#usr/include/snort/dynamic_preproc/appdata_adjuster.h
-#usr/include/snort/dynamic_preproc/bitop.h
-#usr/include/snort/dynamic_preproc/cpuclock.h
-#usr/include/snort/dynamic_preproc/file_api.h
-#usr/include/snort/dynamic_preproc/idle_processing.h
-#usr/include/snort/dynamic_preproc/ipv6_port.h
-#usr/include/snort/dynamic_preproc/mempool.h
-#usr/include/snort/dynamic_preproc/mpse_methods.h
-#usr/include/snort/dynamic_preproc/obfuscation.h
-#usr/include/snort/dynamic_preproc/packet_time.h
-#usr/include/snort/dynamic_preproc/perf_indicators.h
-#usr/include/snort/dynamic_preproc/preprocids.h
-#usr/include/snort/dynamic_preproc/profiler.h
-#usr/include/snort/dynamic_preproc/reg_test.h
-#usr/include/snort/dynamic_preproc/reload_api.h
-#usr/include/snort/dynamic_preproc/segment_mem.h
-#usr/include/snort/dynamic_preproc/session_api.h
-#usr/include/snort/dynamic_preproc/sfPolicy.h
-#usr/include/snort/dynamic_preproc/sfPolicyUserData.h
-#usr/include/snort/dynamic_preproc/sf_decompression.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_common.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_define.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_engine.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_meta.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_preproc_lib.h
-#usr/include/snort/dynamic_preproc/sf_dynamic_preprocessor.h
-#usr/include/snort/dynamic_preproc/sf_ip.h
-#usr/include/snort/dynamic_preproc/sf_preproc_info.h
-#usr/include/snort/dynamic_preproc/sf_protocols.h
-#usr/include/snort/dynamic_preproc/sf_sdlist_types.h
-#usr/include/snort/dynamic_preproc/sf_seqnums.h
-#usr/include/snort/dynamic_preproc/sf_snort_packet.h
-#usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
-#usr/include/snort/dynamic_preproc/sfcommon.h
-#usr/include/snort/dynamic_preproc/sfcontrol.h
-#usr/include/snort/dynamic_preproc/sfrt.h
-#usr/include/snort/dynamic_preproc/sfrt_dir.h
-#usr/include/snort/dynamic_preproc/sfrt_flat.h
-#usr/include/snort/dynamic_preproc/sfrt_flat_dir.h
-#usr/include/snort/dynamic_preproc/sfrt_trie.h
-#usr/include/snort/dynamic_preproc/sidechannel_define.h
-#usr/include/snort/dynamic_preproc/snort_bounds.h
-#usr/include/snort/dynamic_preproc/snort_debug.h
-#usr/include/snort/dynamic_preproc/ssl.h
-#usr/include/snort/dynamic_preproc/ssl_config.h
-#usr/include/snort/dynamic_preproc/ssl_ha.h
-#usr/include/snort/dynamic_preproc/ssl_include.h
-#usr/include/snort/dynamic_preproc/ssl_inspect.h
-#usr/include/snort/dynamic_preproc/ssl_session.h
-#usr/include/snort/dynamic_preproc/str_search.h
-#usr/include/snort/dynamic_preproc/stream_api.h
-#usr/lib/pkgconfig/snort.pc
-#usr/lib/pkgconfig/snort_output.pc
-#usr/lib/pkgconfig/snort_preproc.pc
-#usr/lib/snort
-usr/lib/snort/dynamic_output
-#usr/lib/snort/dynamic_output/libsf_dynamic_output.a
-#usr/lib/snort/dynamic_output/libsf_dynamic_output.la
-usr/lib/snort/dynamic_preproc
-#usr/lib/snort/dynamic_preproc/libsf_dynamic_preproc.a
-#usr/lib/snort/dynamic_preproc/libsf_dynamic_preproc.la
-#usr/lib/snort/dynamic_preproc/libsf_dynamic_utils.a
-#usr/lib/snort/dynamic_preproc/libsf_dynamic_utils.la
-usr/lib/snort_dynamicengine
-#usr/lib/snort_dynamicengine/libsf_engine.a
-#usr/lib/snort_dynamicengine/libsf_engine.la
-#usr/lib/snort_dynamicengine/libsf_engine.so
-#usr/lib/snort_dynamicengine/libsf_engine.so.0
-#usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
-usr/lib/snort_dynamicpreprocessor
-#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a
-#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
-#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
-#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
-#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
-usr/sbin/snort
-#usr/share/doc/snort
-#usr/share/doc/snort/AUTHORS
-#usr/share/doc/snort/BUGS
-#usr/share/doc/snort/CREDITS
-#usr/share/doc/snort/INSTALL
-#usr/share/doc/snort/NEWS
-#usr/share/doc/snort/OpenDetectorDeveloperGuide.pdf
-#usr/share/doc/snort/PROBLEMS
-#usr/share/doc/snort/README
-#usr/share/doc/snort/README.GTP
-#usr/share/doc/snort/README.PLUGINS
-#usr/share/doc/snort/README.PerfProfiling
-#usr/share/doc/snort/README.SMTP
-#usr/share/doc/snort/README.UNSOCK
-#usr/share/doc/snort/README.WIN32
-#usr/share/doc/snort/README.active
-#usr/share/doc/snort/README.alert_order
-#usr/share/doc/snort/README.appid
-#usr/share/doc/snort/README.asn1
-#usr/share/doc/snort/README.counts
-#usr/share/doc/snort/README.csv
-#usr/share/doc/snort/README.daq
-#usr/share/doc/snort/README.dcerpc2
-#usr/share/doc/snort/README.decode
-#usr/share/doc/snort/README.decoder_preproc_rules
-#usr/share/doc/snort/README.dnp3
-#usr/share/doc/snort/README.dns
-#usr/share/doc/snort/README.event_queue
-#usr/share/doc/snort/README.file
-#usr/share/doc/snort/README.file_ips
-#usr/share/doc/snort/README.filters
-#usr/share/doc/snort/README.flowbits
-#usr/share/doc/snort/README.frag3
-#usr/share/doc/snort/README.ftptelnet
-#usr/share/doc/snort/README.gre
-#usr/share/doc/snort/README.ha
-#usr/share/doc/snort/README.http_inspect
-#usr/share/doc/snort/README.imap
-#usr/share/doc/snort/README.ipip
-#usr/share/doc/snort/README.ipv6
-#usr/share/doc/snort/README.modbus
-#usr/share/doc/snort/README.multipleconfigs
-#usr/share/doc/snort/README.normalize
-#usr/share/doc/snort/README.pcap_readmode
-#usr/share/doc/snort/README.pop
-#usr/share/doc/snort/README.ppm
-#usr/share/doc/snort/README.reload
-#usr/share/doc/snort/README.reputation
-#usr/share/doc/snort/README.sensitive_data
-#usr/share/doc/snort/README.sfportscan
-#usr/share/doc/snort/README.sip
-#usr/share/doc/snort/README.ssh
-#usr/share/doc/snort/README.ssl
-#usr/share/doc/snort/README.stream5
-#usr/share/doc/snort/README.tag
-#usr/share/doc/snort/README.thresholding
-#usr/share/doc/snort/README.u2boat
-#usr/share/doc/snort/README.unified2
-#usr/share/doc/snort/README.variables
-#usr/share/doc/snort/TODO
-#usr/share/doc/snort/USAGE
-#usr/share/doc/snort/WISHLIST
-#usr/share/doc/snort/generators
-#usr/share/man/man8/snort.8
-var/log/snort
usr/local/bin/timecheck
usr/local/bin/timezone-transition
usr/local/bin/update-lang-cache
+usr/local/bin/update-ids-ruleset
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
#usr/local/include
--- /dev/null
+etc/suricata
+etc/suricata/suricata.yaml
+usr/bin/suricata
+#usr/share/doc/suricata
+#usr/share/doc/suricata/AUTHORS
+#usr/share/doc/suricata/Basic_Setup.txt
+#usr/share/doc/suricata/GITGUIDE
+#usr/share/doc/suricata/INSTALL
+#usr/share/doc/suricata/INSTALL.PF_RING
+#usr/share/doc/suricata/INSTALL.WINDOWS
+#usr/share/doc/suricata/NEWS
+#usr/share/doc/suricata/README
+#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
+#usr/share/doc/suricata/TODO
+#usr/share/doc/suricata/Third_Party_Installation_Guides.txt
+#usr/share/man/man1/suricata.1
+var/lib/suricata
+var/lib/suricata/classification.config
+var/lib/suricata/reference.config
+var/lib/suricata/threshold.config
+var/log/suricata
+#var/log/suricata/certs
+#var/log/suricata/files
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.0
+usr/lib/libunbound.so.8.1.1
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
etc/rc.d/init.d/networking/red.up/10-multicast
etc/rc.d/init.d/networking/red.up/10-static-routes
etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-snort
+etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
etc/rc.d/init.d/sendsignals
etc/rc.d/init.d/setclock
etc/rc.d/init.d/smartenabler
-etc/rc.d/init.d/snort
etc/rc.d/init.d/squid
etc/rc.d/init.d/sshd
etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
etc/rc.d/init.d/swap
etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K77conntrackd
-etc/rc.d/rc0.d/K78snort
+etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K79unbound
etc/rc.d/rc0.d/K80network
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K77conntrackd
-etc/rc.d/rc6.d/K78snort
+etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K79unbound
etc/rc.d/rc6.d/K80network
usr/local/bin/settime
usr/local/bin/timecheck
usr/local/bin/timezone-transition
+usr/local/bin/update-ids-ruleset
usr/local/bin/update-lang-cache
usr/local/bin/xt_geoip_build
usr/local/bin/xt_geoip_update
--- /dev/null
+#usr/include/yaml.h
+usr/lib/libyaml-0.so.2
+usr/lib/libyaml-0.so.2.0.5
+#usr/lib/libyaml.la
+#usr/lib/libyaml.so
+#usr/lib/pkgconfig/yaml-0.1.pc
--- /dev/null
+../../../../common/aarch64/linux
\ No newline at end of file
--- /dev/null
+../../../../common/aarch64/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
--- /dev/null
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
--- /dev/null
+../../../common/collectd
\ No newline at end of file
--- /dev/null
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+etc/collectd.conf
+etc/logrotate.conf
+etc/rc.d/init.d/collectd
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/networking/red.up/23-suricata
+etc/rc.d/init.d/suricata
+etc/syslog.conf
+opt/pakfire/etc/pakfire.conf
+srv/web/ipfire/cgi-bin/aliases.cgi
+srv/web/ipfire/cgi-bin/dnsforward.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
+srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/ipsec-interfaces
+usr/local/bin/suricatactrl
+usr/local/bin/update-ids-ruleset
+usr/sbin/convert-snort
+usr/sbin/unbound-dhcp-leases-bridge
+usr/sbin/setup
+var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
+var/ipfire/general-functions.pl
+var/ipfire/geoip-functions.pl
+var/ipfire/ids-functions.pl
+var/ipfire/langs
+var/ipfire/menu.d/40-services.menu
+var/ipfire/menu.d/50-firewall.menu
--- /dev/null
+../../../common/gnutls
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux
\ No newline at end of file
--- /dev/null
+../../../../common/i586/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../common/ids-ruleset-sources
\ No newline at end of file
--- /dev/null
+../../../common/libcap-ng
\ No newline at end of file
--- /dev/null
+../../../common/libhtp
\ No newline at end of file
--- /dev/null
+../../../common/lua
\ No newline at end of file
--- /dev/null
+../../../common/nettle
\ No newline at end of file
--- /dev/null
+../../../common/ntp
\ No newline at end of file
--- /dev/null
+../../../common/oinkmaster
\ No newline at end of file
--- /dev/null
+../../../common/rrdtool
\ No newline at end of file
--- /dev/null
+../../../common/suricata
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux
\ No newline at end of file
--- /dev/null
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
--- /dev/null
+../../../common/yaml
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=131
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 80000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*-ipfire-*
+rm -rf /boot/zImage-*-ipfire-*
+rm -rf /boot/uInit-*-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+rm -f /etc/sysconfig/lm_sensors
+
+# Stop services
+/etc/init.d/snort stop
+if [ -e "/etc/init.d/suricata" ]; then
+ /etc/init.d/suricata stop
+fi
+
+# Rename snort user to suricata
+if getent group snort &>/dev/null; then
+ groupmod -n suricata snort
+fi
+
+if getent passwd snort &>/dev/null; then
+ usermod -l suricata -c "Suricata" \
+ -d /var/log/suricata snort
+fi
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Migrate snort configuration to suricata
+/usr/sbin/convert-snort
+
+# Remove files
+rm -rfv \
+ /etc/rc.d/rc*.d/*snort \
+ /etc/rc.d/init.d/networking/red.up/23-RS-snort \
+ /etc/snort \
+ /usr/bin/daq-modules-config \
+ /usr/bin/u2boat \
+ /usr/bin/u2spewfoo \
+ /usr/lib/daq \
+ /usr/lib/snort \
+ /usr/lib/libdaq.so* \
+ /usr/lib/libsfbpf.so* \
+ /usr/local/bin/snortctl \
+ /usr/sbin/snort \
+ /var/ipfire/snort
+
+# Start services
+/etc/init.d/apache restart
+/etc/init.d/collectd restart
+/etc/init.d/firewall restart
+/etc/init.d/unbound restart
+/etc/init.d/suricata start
+
+# Update pakfire database
+/usr/local/bin/pakfire update --force
+
+# Search sensors again after reboot into the new kernel
+rm -f /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+case "$(uname -m)" in
+ i?86)
+ # Force (re)install pae kernel if pae is supported
+ rm -rf /opt/pakfire/db/installed/meta-linux-pae
+ rm -rf /opt/pakfire/db/rootfiles/linux-pae
+ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ touch /var/run/need_reboot
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ fi
+ else
+ touch /var/run/need_reboot
+ fi
+ ;;
+ *)
+ # This update needs a reboot...
+ touch /var/run/need_reboot
+ ;;
+esac
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
--- /dev/null
+../../../common/unbound
\ No newline at end of file
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/Net_SSLeay
\ No newline at end of file
--- /dev/null
+../../../common/apache2
\ No newline at end of file
--- /dev/null
+../../../common/wget
\ No newline at end of file
usr/bin/borg
+usr/bin/borgfs
usr/lib/python3.6/site-packages/borg
usr/lib/python3.6/site-packages/borg/__init__.py
usr/lib/python3.6/site-packages/borg/__main__.py
usr/lib/python3.6/site-packages/borg/__pycache__/archive.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/archiver.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/cache.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/constants.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/fuse.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/helpers.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/key.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/keymanager.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/locking.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/logger.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/lrucache.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/platform.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/nanorst.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/patterns.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/remote.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/repository.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/selftest.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/shellpattern.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/upgrader.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/version.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/xattr.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/_chunker.c
-usr/lib/python3.6/site-packages/borg/_hashindex.c
usr/lib/python3.6/site-packages/borg/_version.py
+usr/lib/python3.6/site-packages/borg/algorithms
+usr/lib/python3.6/site-packages/borg/algorithms/__init__.py
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/algorithms/checksums.cpython-36m-arm-linux-gnueabi.so
usr/lib/python3.6/site-packages/borg/archive.py
usr/lib/python3.6/site-packages/borg/archiver.py
usr/lib/python3.6/site-packages/borg/cache.py
-usr/lib/python3.6/site-packages/borg/chunker.c
usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-arm-linux-gnueabi.so
-usr/lib/python3.6/site-packages/borg/chunker.pyx
-usr/lib/python3.6/site-packages/borg/compress.c
usr/lib/python3.6/site-packages/borg/compress.cpython-36m-arm-linux-gnueabi.so
-usr/lib/python3.6/site-packages/borg/compress.pyx
-usr/lib/python3.6/site-packages/borg/crypto.c
-usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-arm-linux-gnueabi.so
-usr/lib/python3.6/site-packages/borg/crypto.pyx
+usr/lib/python3.6/site-packages/borg/constants.py
+usr/lib/python3.6/site-packages/borg/crypto
+usr/lib/python3.6/site-packages/borg/crypto/__init__.py
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/file_integrity.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/key.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/keymanager.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/nonces.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/file_integrity.py
+usr/lib/python3.6/site-packages/borg/crypto/key.py
+usr/lib/python3.6/site-packages/borg/crypto/keymanager.py
+usr/lib/python3.6/site-packages/borg/crypto/low_level.cpython-36m-arm-linux-gnueabi.so
+usr/lib/python3.6/site-packages/borg/crypto/nonces.py
usr/lib/python3.6/site-packages/borg/fuse.py
-usr/lib/python3.6/site-packages/borg/hashindex.c
usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-arm-linux-gnueabi.so
-usr/lib/python3.6/site-packages/borg/hashindex.pyx
usr/lib/python3.6/site-packages/borg/helpers.py
-usr/lib/python3.6/site-packages/borg/key.py
-usr/lib/python3.6/site-packages/borg/keymanager.py
+usr/lib/python3.6/site-packages/borg/item.cpython-36m-arm-linux-gnueabi.so
usr/lib/python3.6/site-packages/borg/locking.py
usr/lib/python3.6/site-packages/borg/logger.py
usr/lib/python3.6/site-packages/borg/lrucache.py
+usr/lib/python3.6/site-packages/borg/nanorst.py
usr/lib/python3.6/site-packages/borg/paperkey.html
-usr/lib/python3.6/site-packages/borg/platform.py
-usr/lib/python3.6/site-packages/borg/platform_darwin.c
-usr/lib/python3.6/site-packages/borg/platform_darwin.pyx
-usr/lib/python3.6/site-packages/borg/platform_freebsd.c
-usr/lib/python3.6/site-packages/borg/platform_freebsd.pyx
-usr/lib/python3.6/site-packages/borg/platform_linux.c
-usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-arm-linux-gnueabi.so
-usr/lib/python3.6/site-packages/borg/platform_linux.pyx
+usr/lib/python3.6/site-packages/borg/patterns.py
+usr/lib/python3.6/site-packages/borg/platform
+usr/lib/python3.6/site-packages/borg/platform/__init__.py
+usr/lib/python3.6/site-packages/borg/platform/__pycache__
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/base.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/base.py
+usr/lib/python3.6/site-packages/borg/platform/linux.cpython-36m-arm-linux-gnueabi.so
+usr/lib/python3.6/site-packages/borg/platform/posix.cpython-36m-arm-linux-gnueabi.so
usr/lib/python3.6/site-packages/borg/remote.py
usr/lib/python3.6/site-packages/borg/repository.py
+usr/lib/python3.6/site-packages/borg/selftest.py
usr/lib/python3.6/site-packages/borg/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite
#usr/lib/python3.6/site-packages/borg/testsuite/__init__.py
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archive.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archiver.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/benchmark.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/cache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/checksums.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/chunker.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/compress.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/crypto.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/file_integrity.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/hashindex.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/helpers.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/item.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/key.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/locking.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/logger.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/lrucache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nanorst.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nonces.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/patterns.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/platform.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/remote.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/repository.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/shellpattern.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/upgrader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/version.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/xattr.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/archive.py
#usr/lib/python3.6/site-packages/borg/testsuite/archiver.py
#usr/lib/python3.6/site-packages/borg/testsuite/attic.tar.gz
#usr/lib/python3.6/site-packages/borg/testsuite/benchmark.py
+#usr/lib/python3.6/site-packages/borg/testsuite/cache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/checksums.py
#usr/lib/python3.6/site-packages/borg/testsuite/chunker.py
#usr/lib/python3.6/site-packages/borg/testsuite/compress.py
#usr/lib/python3.6/site-packages/borg/testsuite/crypto.py
+#usr/lib/python3.6/site-packages/borg/testsuite/file_integrity.py
#usr/lib/python3.6/site-packages/borg/testsuite/hashindex.py
#usr/lib/python3.6/site-packages/borg/testsuite/helpers.py
+#usr/lib/python3.6/site-packages/borg/testsuite/item.py
#usr/lib/python3.6/site-packages/borg/testsuite/key.py
#usr/lib/python3.6/site-packages/borg/testsuite/locking.py
#usr/lib/python3.6/site-packages/borg/testsuite/logger.py
#usr/lib/python3.6/site-packages/borg/testsuite/lrucache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nanorst.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nonces.py
+#usr/lib/python3.6/site-packages/borg/testsuite/patterns.py
#usr/lib/python3.6/site-packages/borg/testsuite/platform.py
+#usr/lib/python3.6/site-packages/borg/testsuite/remote.py
#usr/lib/python3.6/site-packages/borg/testsuite/repository.py
#usr/lib/python3.6/site-packages/borg/testsuite/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite/upgrader.py
+#usr/lib/python3.6/site-packages/borg/testsuite/version.py
#usr/lib/python3.6/site-packages/borg/testsuite/xattr.py
usr/lib/python3.6/site-packages/borg/upgrader.py
+usr/lib/python3.6/site-packages/borg/version.py
usr/lib/python3.6/site-packages/borg/xattr.py
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/PKG-INFO
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/SOURCES.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/dependency_links.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/entry_points.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/requires.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/top_level.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/PKG-INFO
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/SOURCES.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/dependency_links.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/entry_points.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/not-zip-safe
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/requires.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/top_level.txt
--- /dev/null
+#usr/lib/python3.6/site-packages/PyYAML-3.13-py3.6.egg-info
+usr/lib/python3.6/site-packages/_yaml.cpython-36m-arm-linux-gnueabi.so
+usr/lib/python3.6/site-packages/yaml
+#usr/lib/python3.6/site-packages/yaml/__init__.py
+#usr/lib/python3.6/site-packages/yaml/__pycache__
+#usr/lib/python3.6/site-packages/yaml/__pycache__/__init__.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/composer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/constructor.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/cyaml.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/dumper.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/emitter.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/error.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/events.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/loader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/nodes.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/parser.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/reader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/representer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/resolver.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/scanner.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/serializer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/tokens.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/composer.py
+#usr/lib/python3.6/site-packages/yaml/constructor.py
+#usr/lib/python3.6/site-packages/yaml/cyaml.py
+#usr/lib/python3.6/site-packages/yaml/dumper.py
+#usr/lib/python3.6/site-packages/yaml/emitter.py
+#usr/lib/python3.6/site-packages/yaml/error.py
+#usr/lib/python3.6/site-packages/yaml/events.py
+#usr/lib/python3.6/site-packages/yaml/loader.py
+#usr/lib/python3.6/site-packages/yaml/nodes.py
+#usr/lib/python3.6/site-packages/yaml/parser.py
+#usr/lib/python3.6/site-packages/yaml/reader.py
+#usr/lib/python3.6/site-packages/yaml/representer.py
+#usr/lib/python3.6/site-packages/yaml/resolver.py
+#usr/lib/python3.6/site-packages/yaml/scanner.py
+#usr/lib/python3.6/site-packages/yaml/serializer.py
+#usr/lib/python3.6/site-packages/yaml/tokens.py
usr/bin/borg
+usr/bin/borgfs
usr/lib/python3.6/site-packages/borg
usr/lib/python3.6/site-packages/borg/__init__.py
usr/lib/python3.6/site-packages/borg/__main__.py
usr/lib/python3.6/site-packages/borg/__pycache__/archive.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/archiver.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/cache.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/constants.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/fuse.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/helpers.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/key.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/keymanager.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/locking.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/logger.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/lrucache.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/platform.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/nanorst.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/patterns.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/remote.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/repository.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/selftest.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/shellpattern.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/upgrader.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/version.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/xattr.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/_chunker.c
-usr/lib/python3.6/site-packages/borg/_hashindex.c
usr/lib/python3.6/site-packages/borg/_version.py
+usr/lib/python3.6/site-packages/borg/algorithms
+usr/lib/python3.6/site-packages/borg/algorithms/__init__.py
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/algorithms/checksums.cpython-36m-MACHINE-linux-gnu.so
usr/lib/python3.6/site-packages/borg/archive.py
usr/lib/python3.6/site-packages/borg/archiver.py
usr/lib/python3.6/site-packages/borg/cache.py
-usr/lib/python3.6/site-packages/borg/chunker.c
usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-MACHINE-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/chunker.pyx
-usr/lib/python3.6/site-packages/borg/compress.c
usr/lib/python3.6/site-packages/borg/compress.cpython-36m-MACHINE-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/compress.pyx
-usr/lib/python3.6/site-packages/borg/crypto.c
-usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-MACHINE-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/crypto.pyx
+usr/lib/python3.6/site-packages/borg/constants.py
+usr/lib/python3.6/site-packages/borg/crypto
+usr/lib/python3.6/site-packages/borg/crypto/__init__.py
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/file_integrity.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/key.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/keymanager.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/nonces.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/file_integrity.py
+usr/lib/python3.6/site-packages/borg/crypto/key.py
+usr/lib/python3.6/site-packages/borg/crypto/keymanager.py
+usr/lib/python3.6/site-packages/borg/crypto/low_level.cpython-36m-MACHINE-linux-gnu.so
+usr/lib/python3.6/site-packages/borg/crypto/nonces.py
usr/lib/python3.6/site-packages/borg/fuse.py
-usr/lib/python3.6/site-packages/borg/hashindex.c
usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-MACHINE-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/hashindex.pyx
usr/lib/python3.6/site-packages/borg/helpers.py
-usr/lib/python3.6/site-packages/borg/key.py
-usr/lib/python3.6/site-packages/borg/keymanager.py
+usr/lib/python3.6/site-packages/borg/item.cpython-36m-MACHINE-linux-gnu.so
usr/lib/python3.6/site-packages/borg/locking.py
usr/lib/python3.6/site-packages/borg/logger.py
usr/lib/python3.6/site-packages/borg/lrucache.py
+usr/lib/python3.6/site-packages/borg/nanorst.py
usr/lib/python3.6/site-packages/borg/paperkey.html
-usr/lib/python3.6/site-packages/borg/platform.py
-usr/lib/python3.6/site-packages/borg/platform_darwin.c
-usr/lib/python3.6/site-packages/borg/platform_darwin.pyx
-usr/lib/python3.6/site-packages/borg/platform_freebsd.c
-usr/lib/python3.6/site-packages/borg/platform_freebsd.pyx
-usr/lib/python3.6/site-packages/borg/platform_linux.c
-usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-MACHINE-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/platform_linux.pyx
+usr/lib/python3.6/site-packages/borg/patterns.py
+usr/lib/python3.6/site-packages/borg/platform
+usr/lib/python3.6/site-packages/borg/platform/__init__.py
+usr/lib/python3.6/site-packages/borg/platform/__pycache__
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/base.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/base.py
+usr/lib/python3.6/site-packages/borg/platform/linux.cpython-36m-MACHINE-linux-gnu.so
+usr/lib/python3.6/site-packages/borg/platform/posix.cpython-36m-MACHINE-linux-gnu.so
usr/lib/python3.6/site-packages/borg/remote.py
usr/lib/python3.6/site-packages/borg/repository.py
+usr/lib/python3.6/site-packages/borg/selftest.py
usr/lib/python3.6/site-packages/borg/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite
#usr/lib/python3.6/site-packages/borg/testsuite/__init__.py
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archive.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archiver.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/benchmark.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/cache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/checksums.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/chunker.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/compress.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/crypto.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/file_integrity.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/hashindex.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/helpers.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/item.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/key.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/locking.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/logger.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/lrucache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nanorst.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nonces.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/patterns.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/platform.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/remote.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/repository.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/shellpattern.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/upgrader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/version.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/xattr.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/archive.py
#usr/lib/python3.6/site-packages/borg/testsuite/archiver.py
#usr/lib/python3.6/site-packages/borg/testsuite/attic.tar.gz
#usr/lib/python3.6/site-packages/borg/testsuite/benchmark.py
+#usr/lib/python3.6/site-packages/borg/testsuite/cache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/checksums.py
#usr/lib/python3.6/site-packages/borg/testsuite/chunker.py
#usr/lib/python3.6/site-packages/borg/testsuite/compress.py
#usr/lib/python3.6/site-packages/borg/testsuite/crypto.py
+#usr/lib/python3.6/site-packages/borg/testsuite/file_integrity.py
#usr/lib/python3.6/site-packages/borg/testsuite/hashindex.py
#usr/lib/python3.6/site-packages/borg/testsuite/helpers.py
+#usr/lib/python3.6/site-packages/borg/testsuite/item.py
#usr/lib/python3.6/site-packages/borg/testsuite/key.py
#usr/lib/python3.6/site-packages/borg/testsuite/locking.py
#usr/lib/python3.6/site-packages/borg/testsuite/logger.py
#usr/lib/python3.6/site-packages/borg/testsuite/lrucache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nanorst.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nonces.py
+#usr/lib/python3.6/site-packages/borg/testsuite/patterns.py
#usr/lib/python3.6/site-packages/borg/testsuite/platform.py
+#usr/lib/python3.6/site-packages/borg/testsuite/remote.py
#usr/lib/python3.6/site-packages/borg/testsuite/repository.py
#usr/lib/python3.6/site-packages/borg/testsuite/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite/upgrader.py
+#usr/lib/python3.6/site-packages/borg/testsuite/version.py
#usr/lib/python3.6/site-packages/borg/testsuite/xattr.py
usr/lib/python3.6/site-packages/borg/upgrader.py
+usr/lib/python3.6/site-packages/borg/version.py
usr/lib/python3.6/site-packages/borg/xattr.py
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/PKG-INFO
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/SOURCES.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/dependency_links.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/entry_points.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/requires.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/top_level.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/PKG-INFO
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/SOURCES.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/dependency_links.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/entry_points.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/not-zip-safe
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/requires.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/top_level.txt
+etc/rc.d/init.d/dnsdist
usr/bin/dnsdist
#usr/share/man/man1/dnsdist.1
-etc/rc.d/init.d/dnsdist
+var/ipfire/backup/addons/includes/dnsdist
--- /dev/null
+usr/sbin/firmware-update
--- /dev/null
+usr/sbin/flashrom
+#usr/share/man/man8/flashrom.8
#etc/raddb/certs/bootstrap
#etc/raddb/certs/ca.cnf
#etc/raddb/certs/client.cnf
+#etc/raddb/certs/inner-server.cnf
#etc/raddb/certs/passwords.mk
#etc/raddb/certs/server.cnf
#etc/raddb/certs/xpextensions
#etc/raddb/mods-config/sql/main/postgresql
#etc/raddb/mods-config/sql/main/postgresql/extras
#etc/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
-#etc/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql
#etc/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
#etc/raddb/mods-config/sql/main/postgresql/queries.conf
#etc/raddb/mods-config/sql/main/postgresql/schema.sql
#etc/raddb/mods-enabled/date
#etc/raddb/mods-enabled/detail
#etc/raddb/mods-enabled/detail.log
-#etc/raddb/mods-enabled/dhcp
#etc/raddb/mods-enabled/digest
#etc/raddb/mods-enabled/dynamic_clients
#etc/raddb/mods-enabled/eap
#etc/raddb/policy.d/filter
#etc/raddb/policy.d/moonshot-targeted-ids
#etc/raddb/policy.d/operator-name
+#etc/raddb/policy.d/rfc7542
#etc/raddb/proxy.conf
#etc/raddb/radiusd.conf
#etc/raddb/sites-available
usr/bin/smbencrypt
#usr/include/freeradius
#usr/include/freeradius/attributes.h
+#usr/include/freeradius/autoconf.h
#usr/include/freeradius/base64.h
#usr/include/freeradius/build.h
#usr/include/freeradius/conf.h
#usr/include/freeradius/radpaths.h
#usr/include/freeradius/radutmp.h
#usr/include/freeradius/realms.h
+#usr/include/freeradius/regex.h
#usr/include/freeradius/rfc2865.h
#usr/include/freeradius/rfc2866.h
#usr/include/freeradius/rfc2867.h
#usr/include/freeradius/rfc7268.h
#usr/include/freeradius/rfc7499.h
#usr/include/freeradius/rfc7930.h
+#usr/include/freeradius/rfc8045.h
#usr/include/freeradius/sha1.h
#usr/include/freeradius/stats.h
#usr/include/freeradius/sysutmp.h
+#usr/include/freeradius/tcp.h
+#usr/include/freeradius/threads.h
#usr/include/freeradius/tls.h
#usr/include/freeradius/token.h
#usr/include/freeradius/udpfromto.h
#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.schema
#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.ldif
#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.schema
+#usr/share/doc/freeradius/schemas/ldap/samba
+#usr/share/doc/freeradius/schemas/ldap/samba/README.txt
+#usr/share/doc/freeradius/schemas/ldap/samba/freeradius-attrs.ldif
+#usr/share/doc/freeradius/schemas/ldap/samba/freeradius-classes.ldif
+#usr/share/doc/freeradius/schemas/ldap/samba/freeradius-clients-attrs.ldif
+#usr/share/doc/freeradius/schemas/ldap/samba/freeradius-clients-classes.ldif
+#usr/share/doc/freeradius/schemas/ldap/samba/freeradius-user.ldif
#usr/share/doc/freeradius/schemas/logstash
#usr/share/doc/freeradius/schemas/logstash/README
#usr/share/doc/freeradius/schemas/logstash/kibana4-dashboard.json
#usr/share/freeradius/dictionary.avaya
#usr/share/freeradius/dictionary.azaire
#usr/share/freeradius/dictionary.bay
+#usr/share/freeradius/dictionary.bigswitch
#usr/share/freeradius/dictionary.bintec
#usr/share/freeradius/dictionary.bluecoat
#usr/share/freeradius/dictionary.boingo
#usr/share/freeradius/dictionary.huawei
#usr/share/freeradius/dictionary.iana
#usr/share/freeradius/dictionary.iea
+#usr/share/freeradius/dictionary.infinera
#usr/share/freeradius/dictionary.infoblox
#usr/share/freeradius/dictionary.infonet
#usr/share/freeradius/dictionary.ipunplugged
#usr/share/freeradius/dictionary.microsemi
#usr/share/freeradius/dictionary.microsoft
#usr/share/freeradius/dictionary.mikrotik
+#usr/share/freeradius/dictionary.mimosa
#usr/share/freeradius/dictionary.motorola
#usr/share/freeradius/dictionary.motorola.illegal
#usr/share/freeradius/dictionary.motorola.wimax
#usr/share/freeradius/dictionary.rfc7268
#usr/share/freeradius/dictionary.rfc7499
#usr/share/freeradius/dictionary.rfc7930
+#usr/share/freeradius/dictionary.rfc8045
#usr/share/freeradius/dictionary.riverbed
#usr/share/freeradius/dictionary.riverstone
#usr/share/freeradius/dictionary.roaringpenguin
#usr/share/freeradius/dictionary.siemens
#usr/share/freeradius/dictionary.slipstream
#usr/share/freeradius/dictionary.sofaware
+#usr/share/freeradius/dictionary.softbank
#usr/share/freeradius/dictionary.sonicwall
#usr/share/freeradius/dictionary.springtide
#usr/share/freeradius/dictionary.starent
#usr/share/freeradius/dictionary.usr.illegal
#usr/share/freeradius/dictionary.utstarcom
#usr/share/freeradius/dictionary.valemount
+#usr/share/freeradius/dictionary.verizon
#usr/share/freeradius/dictionary.versanet
#usr/share/freeradius/dictionary.vqp
#usr/share/freeradius/dictionary.walabi
usr/bin/borg
+usr/bin/borgfs
usr/lib/python3.6/site-packages/borg
usr/lib/python3.6/site-packages/borg/__init__.py
usr/lib/python3.6/site-packages/borg/__main__.py
usr/lib/python3.6/site-packages/borg/__pycache__/archive.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/archiver.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/cache.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/constants.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/fuse.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/helpers.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/key.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/keymanager.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/locking.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/logger.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/lrucache.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/__pycache__/platform.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/nanorst.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/patterns.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/remote.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/repository.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/selftest.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/shellpattern.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/upgrader.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/__pycache__/version.cpython-36.pyc
usr/lib/python3.6/site-packages/borg/__pycache__/xattr.cpython-36.pyc
-usr/lib/python3.6/site-packages/borg/_chunker.c
-usr/lib/python3.6/site-packages/borg/_hashindex.c
usr/lib/python3.6/site-packages/borg/_version.py
+usr/lib/python3.6/site-packages/borg/algorithms
+usr/lib/python3.6/site-packages/borg/algorithms/__init__.py
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__
+usr/lib/python3.6/site-packages/borg/algorithms/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/algorithms/checksums.cpython-36m-i386-linux-gnu.so
usr/lib/python3.6/site-packages/borg/archive.py
usr/lib/python3.6/site-packages/borg/archiver.py
usr/lib/python3.6/site-packages/borg/cache.py
-usr/lib/python3.6/site-packages/borg/chunker.c
usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-i386-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/chunker.pyx
-usr/lib/python3.6/site-packages/borg/compress.c
usr/lib/python3.6/site-packages/borg/compress.cpython-36m-i386-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/compress.pyx
-usr/lib/python3.6/site-packages/borg/crypto.c
-usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-i386-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/crypto.pyx
+usr/lib/python3.6/site-packages/borg/constants.py
+usr/lib/python3.6/site-packages/borg/crypto
+usr/lib/python3.6/site-packages/borg/crypto/__init__.py
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/file_integrity.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/key.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/keymanager.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/__pycache__/nonces.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/crypto/file_integrity.py
+usr/lib/python3.6/site-packages/borg/crypto/key.py
+usr/lib/python3.6/site-packages/borg/crypto/keymanager.py
+usr/lib/python3.6/site-packages/borg/crypto/low_level.cpython-36m-i386-linux-gnu.so
+usr/lib/python3.6/site-packages/borg/crypto/nonces.py
usr/lib/python3.6/site-packages/borg/fuse.py
-usr/lib/python3.6/site-packages/borg/hashindex.c
usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-i386-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/hashindex.pyx
usr/lib/python3.6/site-packages/borg/helpers.py
-usr/lib/python3.6/site-packages/borg/key.py
-usr/lib/python3.6/site-packages/borg/keymanager.py
+usr/lib/python3.6/site-packages/borg/item.cpython-36m-i386-linux-gnu.so
usr/lib/python3.6/site-packages/borg/locking.py
usr/lib/python3.6/site-packages/borg/logger.py
usr/lib/python3.6/site-packages/borg/lrucache.py
+usr/lib/python3.6/site-packages/borg/nanorst.py
usr/lib/python3.6/site-packages/borg/paperkey.html
-usr/lib/python3.6/site-packages/borg/platform.py
-usr/lib/python3.6/site-packages/borg/platform_darwin.c
-usr/lib/python3.6/site-packages/borg/platform_darwin.pyx
-usr/lib/python3.6/site-packages/borg/platform_freebsd.c
-usr/lib/python3.6/site-packages/borg/platform_freebsd.pyx
-usr/lib/python3.6/site-packages/borg/platform_linux.c
-usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-i386-linux-gnu.so
-usr/lib/python3.6/site-packages/borg/platform_linux.pyx
+usr/lib/python3.6/site-packages/borg/patterns.py
+usr/lib/python3.6/site-packages/borg/platform
+usr/lib/python3.6/site-packages/borg/platform/__init__.py
+usr/lib/python3.6/site-packages/borg/platform/__pycache__
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/__init__.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/__pycache__/base.cpython-36.pyc
+usr/lib/python3.6/site-packages/borg/platform/base.py
+usr/lib/python3.6/site-packages/borg/platform/linux.cpython-36m-i386-linux-gnu.so
+usr/lib/python3.6/site-packages/borg/platform/posix.cpython-36m-i386-linux-gnu.so
usr/lib/python3.6/site-packages/borg/remote.py
usr/lib/python3.6/site-packages/borg/repository.py
+usr/lib/python3.6/site-packages/borg/selftest.py
usr/lib/python3.6/site-packages/borg/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite
#usr/lib/python3.6/site-packages/borg/testsuite/__init__.py
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archive.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/archiver.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/benchmark.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/cache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/checksums.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/chunker.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/compress.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/crypto.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/file_integrity.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/hashindex.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/helpers.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/item.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/key.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/locking.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/logger.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/lrucache.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nanorst.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/nonces.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/patterns.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/platform.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/remote.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/repository.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/shellpattern.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/upgrader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/version.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/__pycache__/xattr.cpython-36.pyc
#usr/lib/python3.6/site-packages/borg/testsuite/archive.py
#usr/lib/python3.6/site-packages/borg/testsuite/archiver.py
#usr/lib/python3.6/site-packages/borg/testsuite/attic.tar.gz
#usr/lib/python3.6/site-packages/borg/testsuite/benchmark.py
+#usr/lib/python3.6/site-packages/borg/testsuite/cache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/checksums.py
#usr/lib/python3.6/site-packages/borg/testsuite/chunker.py
#usr/lib/python3.6/site-packages/borg/testsuite/compress.py
#usr/lib/python3.6/site-packages/borg/testsuite/crypto.py
+#usr/lib/python3.6/site-packages/borg/testsuite/file_integrity.py
#usr/lib/python3.6/site-packages/borg/testsuite/hashindex.py
#usr/lib/python3.6/site-packages/borg/testsuite/helpers.py
+#usr/lib/python3.6/site-packages/borg/testsuite/item.py
#usr/lib/python3.6/site-packages/borg/testsuite/key.py
#usr/lib/python3.6/site-packages/borg/testsuite/locking.py
#usr/lib/python3.6/site-packages/borg/testsuite/logger.py
#usr/lib/python3.6/site-packages/borg/testsuite/lrucache.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nanorst.py
+#usr/lib/python3.6/site-packages/borg/testsuite/nonces.py
+#usr/lib/python3.6/site-packages/borg/testsuite/patterns.py
#usr/lib/python3.6/site-packages/borg/testsuite/platform.py
+#usr/lib/python3.6/site-packages/borg/testsuite/remote.py
#usr/lib/python3.6/site-packages/borg/testsuite/repository.py
#usr/lib/python3.6/site-packages/borg/testsuite/shellpattern.py
#usr/lib/python3.6/site-packages/borg/testsuite/upgrader.py
+#usr/lib/python3.6/site-packages/borg/testsuite/version.py
#usr/lib/python3.6/site-packages/borg/testsuite/xattr.py
usr/lib/python3.6/site-packages/borg/upgrader.py
+usr/lib/python3.6/site-packages/borg/version.py
usr/lib/python3.6/site-packages/borg/xattr.py
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/PKG-INFO
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/SOURCES.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/dependency_links.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/entry_points.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/requires.txt
-usr/lib/python3.6/site-packages/borgbackup-1.0.12-py3.6.egg-info/top_level.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/PKG-INFO
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/SOURCES.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/dependency_links.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/entry_points.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/not-zip-safe
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/requires.txt
+usr/lib/python3.6/site-packages/borgbackup-1.1.9-py3.6.egg-info/top_level.txt
--- /dev/null
+#usr/lib/python3.6/site-packages/PyYAML-3.13-py3.6.egg-info
+usr/lib/python3.6/site-packages/_yaml.cpython-36m-i386-linux-gnu.so
+usr/lib/python3.6/site-packages/yaml
+#usr/lib/python3.6/site-packages/yaml/__init__.py
+#usr/lib/python3.6/site-packages/yaml/__pycache__
+#usr/lib/python3.6/site-packages/yaml/__pycache__/__init__.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/composer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/constructor.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/cyaml.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/dumper.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/emitter.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/error.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/events.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/loader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/nodes.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/parser.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/reader.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/representer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/resolver.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/scanner.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/serializer.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/__pycache__/tokens.cpython-36.pyc
+#usr/lib/python3.6/site-packages/yaml/composer.py
+#usr/lib/python3.6/site-packages/yaml/constructor.py
+#usr/lib/python3.6/site-packages/yaml/cyaml.py
+#usr/lib/python3.6/site-packages/yaml/dumper.py
+#usr/lib/python3.6/site-packages/yaml/emitter.py
+#usr/lib/python3.6/site-packages/yaml/error.py
+#usr/lib/python3.6/site-packages/yaml/events.py
+#usr/lib/python3.6/site-packages/yaml/loader.py
+#usr/lib/python3.6/site-packages/yaml/nodes.py
+#usr/lib/python3.6/site-packages/yaml/parser.py
+#usr/lib/python3.6/site-packages/yaml/reader.py
+#usr/lib/python3.6/site-packages/yaml/representer.py
+#usr/lib/python3.6/site-packages/yaml/resolver.py
+#usr/lib/python3.6/site-packages/yaml/scanner.py
+#usr/lib/python3.6/site-packages/yaml/serializer.py
+#usr/lib/python3.6/site-packages/yaml/tokens.py
-etc/nginx
+#etc/nginx
etc/nginx/fastcgi.conf
etc/nginx/fastcgi.conf.default
etc/nginx/fastcgi_params
etc/nginx/win-utf
etc/rc.d/init.d/nginx
usr/sbin/nginx
-usr/share/nginx
-usr/share/nginx/html
+#usr/share/nginx
+#usr/share/nginx/html
usr/share/nginx/html/50x.html
usr/share/nginx/html/index.html
var/ipfire/backup/addons/includes/nginx
--- /dev/null
+#lib/firmware/pcengines
+#lib/firmware/pcengines/apu
+lib/firmware/pcengines/apu/apu1_v4.9.0.3.rom
+lib/firmware/pcengines/apu/apu2_v4.9.0.3.rom
+lib/firmware/pcengines/apu/apu3_v4.9.0.3.rom
+lib/firmware/pcengines/apu/apu4_v4.9.0.3.rom
+lib/firmware/pcengines/apu/apu5_v4.9.0.3.rom
#usr/lib/python3.6/site-packages/PyYAML-3.13-py3.6.egg-info
+usr/lib/python3.6/site-packages/_yaml.cpython-36m-MACHINE-linux-gnu.so
usr/lib/python3.6/site-packages/yaml
#usr/lib/python3.6/site-packages/yaml/__init__.py
#usr/lib/python3.6/site-packages/yaml/__pycache__
+++ /dev/null
-###################################################
-# IPFire snort.conf
-#
-# some parts of this file are changed/updated by the webif
-###################################################
-# VERSIONS : 2.9.5.0
-
-include /etc/snort/vars
-
-###################################################
-# Step #1: Set the network variables. For more information, see README.variables
-###################################################
-
-# taken from /etc/snort vars
-#ipvar HOME_NET any
-
-# Set up the external network addresses. Leave as "any" in most situations
-ipvar EXTERNAL_NET any
-
-# List of DNS servers on your network
-#ipvar DNS_SERVERS $HOME_NET
-
-# List of SMTP servers on your network
-ipvar SMTP_SERVERS $HOME_NET
-
-# List of web servers on your network
-ipvar HTTP_SERVERS $HOME_NET
-
-# List of sql servers on your network
-ipvar SQL_SERVERS $HOME_NET
-
-# List of telnet servers on your network
-ipvar TELNET_SERVERS $HOME_NET
-
-# List of ssh servers on your network
-ipvar SSH_SERVERS $HOME_NET
-
-# List of ftp servers on your network
-ipvar FTP_SERVERS $HOME_NET
-
-# List of sip servers on your network
-ipvar SIP_SERVERS $HOME_NET
-
-# List of ports you run web servers on
-portvar HTTP_PORTS [80,81,82,83,84,85,86,87,88,89,311,383,444,591,593,631,901,1220,1414,1741,1830,2301,2381,2809,3037,3057,3128,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555]
-
-# List of ports you want to look for SHELLCODE on.
-portvar SHELLCODE_PORTS !80
-
-# List of ports you might see oracle attacks on
-portvar ORACLE_PORTS 1024:
-
-# List of ports you want to look for SSH connections on:
-portvar SSH_PORTS [22,222]
-
-# List of ports you run ftp servers on
-portvar FTP_PORTS [21,2100,3535]
-
-# List of ports you run SIP servers on
-portvar SIP_PORTS [5060,5061,5600]
-
-# List of file data ports for file inspection
-portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
-
-# List of GTP ports for GTP preprocessor
-portvar GTP_PORTS [2123,2152,3386]
-
-# other variables, these should not be modified
-ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
-
-# Path to your rules files (this can be a relative path)
-# Note for Windows users: You are advised to make this an absolute path,
-# such as: c:\snort\rules
-var RULE_PATH /etc/snort/rules
-var SO_RULE_PATH /etc/snort/so_rules
-var PREPROC_RULE_PATH /etc/snort/preproc_rules
-
-# If you are using reputation preprocessor set these
-# Currently there is a bug with relative paths, they are relative to where snort is
-# not relative to snort.conf like the above variables
-# This is completely inconsistent with how other vars work, BUG 89986
-# Set the absolute path appropriately
-var WHITE_LIST_PATH /etc/snort/rules
-var BLACK_LIST_PATH /etc/snort/rules
-
-
-###################################################
-# Step #2: Configure the decoder. For more information, see README.decode
-###################################################
-
-# Stop generic decode events:
-config disable_decode_alerts
-
-# Stop Alerts on experimental TCP options
-config disable_tcpopt_experimental_alerts
-
-# Stop Alerts on obsolete TCP options
-config disable_tcpopt_obsolete_alerts
-
-# Stop Alerts on T/TCP alerts
-# config disable_tcpopt_ttcp_alerts
-
-# Stop Alerts on all other TCPOption type events:
-config disable_tcpopt_alerts
-
-# Stop Alerts on invalid ip options
-# config disable_ipopt_alerts
-
-# Alert if value in length field (IP, TCP, UDP) is greater th elength of the packet
-# config enable_decode_oversized_alerts
-
-# Same as above, but drop packet if in Inline mode (requires enable_decode_oversized_alerts)
-# config enable_decode_oversized_drops
-
-# Configure IP / TCP checksum mode
-config checksum_mode: all
-
-# Configure maximum number of flowbit references. For more information, see README.flowbits
-# config flowbits_size: 64
-
-# Configure ports to ignore
-# config ignore_ports: tcp 21 6667:6671 1356
-# config ignore_ports: udp 1:17 53
-
-# Configure active response for non inline operation. For more information, see REAMDE.active
-# config response: eth0 attempts 2
-
-# Configure DAQ related options for inline operation. For more information, see README.daq
-#
-# config daq: <type>
-# config daq_dir: <dir>
-# config daq_mode: <mode>
-# config daq_var: <var>
-#
-# <type> ::= pcap | afpacket | dump | nfq | ipq | ipfw
-# <mode> ::= read-file | passive | inline
-# <var> ::= arbitrary <name>=<value passed to DAQ
-# <dir> ::= path as to where to look for DAQ module so's
-
-# Configure specific UID and GID to run snort as after dropping privs. For more information see snort -h command line options
-#
-# config set_gid:
-# config set_uid:
-
-# Configure default snaplen. Snort defaults to MTU of in use interface. For more information see README
-#
-# config snaplen:
-#
-
-# Configure default bpf_file to use for filtering what traffic reaches snort. For more information see snort -h command line options (-F)
-#
-# config bpf_file:
-#
-
-# Configure default log directory for snort to log to. For more information see snort -h command line options (-l)
-#
-# config logdir:
-
-
-###################################################
-# Step #3: Configure the base detection engine. For more information, see README.decode
-###################################################
-
-# Configure PCRE match limitations
-config pcre_match_limit: 3500
-config pcre_match_limit_recursion: 1500
-
-# Configure the detection engine See the Snort Manual, Configuring Snort - Includes - Config
-config detection: search-method ac-split search-optimize max-pattern-len 20
-
-# Configure the event queue. For more information, see README.event_queue
-config event_queue: max_queue 8 log 5 order_events content_length
-
-###################################################
-## Configure GTP if it is to be used.
-## For more information, see README.GTP
-####################################################
-
-# config enable_gtp
-
-###################################################
-# Per packet and rule latency enforcement
-# For more information see README.ppm
-###################################################
-
-# Per Packet latency configuration
-#config ppm: max-pkt-time 250, \
-# fastpath-expensive-packets, \
-# pkt-log
-
-# Per Rule latency configuration
-#config ppm: max-rule-time 200, \
-# threshold 3, \
-# suspend-expensive-rules, \
-# suspend-timeout 20, \
-# rule-log alert
-
-###################################################
-# Configure Perf Profiling for debugging
-# For more information see README.PerfProfiling
-###################################################
-
-#config profile_rules: print all, sort avg_ticks
-#config profile_preprocs: print all, sort avg_ticks
-
-###################################################
-# Configure protocol aware flushing
-# For more information see README.stream5
-###################################################
-config paf_max: 16000
-
-###################################################
-# Step #4: Configure dynamic loaded libraries.
-# For more information, see Snort Manual, Configuring Snort - Dynamic Modules
-###################################################
-
-# path to dynamic preprocessor libraries
-dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
-
-# path to base preprocessor engine
-dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
-
-# path to dynamic rules libraries
-# dynamicdetection directory /usr/local/lib/snort_dynamicrules
-
-
-###################################################
-# Step #5: Configure preprocessors
-# For more information, see the Snort Manual, Configuring Snort - Preprocessors
-###################################################
-
-# GTP Control Channle Preprocessor. For more information, see README.GTP
-# preprocessor gtp: ports { 2123 3386 2152 }
-
-# Inline packet normalization. For more information, see README.normalize
-# Does nothing in IDS mode
-preprocessor normalize_ip4
-preprocessor normalize_tcp: ips ecn stream
-preprocessor normalize_icmp4
-preprocessor normalize_ip6
-preprocessor normalize_icmp6
-
-# Target-based IP defragmentation. For more inforation, see README.frag3
-preprocessor frag3_global: max_frags 65536
-preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
-
-# Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5
-preprocessor stream5_global: track_tcp yes, \
- track_udp yes, \
- track_icmp no, \
- max_tcp 262144, \
- max_udp 131072, \
- max_active_responses 2, \
- min_response_seconds 5
-preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
- overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
- ports client 21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 139 143 \
- 161 222 445 513 514 587 593 691 1433 1521 1741 2100 3306 6070 6665 6666 6667 6668 6669 \
- 7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
- ports both 80 81 82 83 84 85 86 87 88 89 110 311 383 443 444 465 563 591 593 631 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 7779 \
- 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
- 7917 7918 7919 7920 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
-preprocessor stream5_udp: timeout 180
-
-# performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor
-# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
-
-# HTTP normalization and anomaly detection. For more information, see README.http_inspect
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-preprocessor http_inspect_server: server default \
- http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
- chunk_length 500000 \
- server_flow_depth 0 \
- client_flow_depth 0 \
- post_depth 65495 \
- oversize_dir_length 500 \
- max_header_length 750 \
- max_headers 100 \
- max_spaces 200 \
- small_chunk_length { 10 5 } \
- ports { 80 81 82 83 84 85 86 87 88 89 311 383 444 591 593 631 901 1220 1414 1741 1830 2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 6080 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555 } \
- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
- enable_cookie \
- extended_response_inspection \
- inspect_gzip \
- normalize_utf \
- unlimited_decompress \
- normalize_javascript \
- apache_whitespace no \
- ascii no \
- bare_byte no \
- directory no \
- double_decode no \
- iis_backslash no \
- iis_delimiter no \
- iis_unicode no \
- multi_slash no \
- utf_8 no \
- u_encode yes \
- webroot no
-
-# ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
-
-# Back Orifice detection.
-preprocessor bo
-
-# FTP / Telnet normalization and anomaly detection. For more information, see README.ftptelnet
-preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
-preprocessor ftp_telnet_protocol: telnet \
- ayt_attack_thresh 20 \
- normalize ports { 23 } \
- detect_anomalies
-preprocessor ftp_telnet_protocol: ftp server default \
- def_max_param_len 100 \
- ports { 21 2100 3535 } \
- telnet_cmds yes \
- ignore_telnet_erase_cmds yes \
- ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
- ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
- ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
- ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
- ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
- ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
- ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
- ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
- ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
- ftp_cmds { XSEN XSHA1 XSHA256 } \
- alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
- alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
- alt_max_param_len 256 { CWD RNTO } \
- alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
- chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
- chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
- chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
- chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
- chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
- chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \
- chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
- cmd_validity MACB < string > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity PORT < host_port > \
- cmd_validity PROT < char CSEP > \
- cmd_validity STRU < char FRPO [ string ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- ignore_telnet_erase_cmds yes \
- telnet_cmds yes
-
-
-# SMTP normalization and anomaly detection. For more information, see README.SMTP
-preprocessor smtp: ports { 25 465 587 691 } \
- inspection_type stateful \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0 \
- log_mailfrom \
- log_rcptto \
- log_filename \
- log_email_hdrs \
- normalize cmds \
- normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
- normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
- normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
- normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- max_command_line_len 512 \
- max_header_line_len 1000 \
- max_response_line_len 512 \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
- valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
- valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
- valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
- xlink2state { enabled }
-
-# Portscan detection. For more information, see README.sfportscan
-preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium }
-
-# ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
-# preprocessor arpspoof
-# preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
-
-# SSH anomaly detection. For more information, see README.ssh
-preprocessor ssh: server_ports { 22 222 } \
- autodetect \
- max_client_bytes 19600 \
- max_encrypted_packets 20 \
- max_server_version_len 100 \
- enable_respoverflow enable_ssh1crc32 \
- enable_srvoverflow enable_protomismatch
-
-# SMB / DCE-RPC normalization and anomaly detection. For more information, see README.dcerpc2
-preprocessor dcerpc2: memcap 102400, events [co ]
-preprocessor dcerpc2_server: default, policy WinXP, \
- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
- smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"]
-
-# DNS anomaly detection. For more information, see README.dns
-preprocessor dns: ports { 53 } enable_rdata_overflow
-
-# SSL anomaly detection and traffic bypass. For more information, see README.ssl
-preprocessor ssl: ports { 443 444 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted
-
-# SDF sensitive data preprocessor. For more information see README.sensitive_data
-preprocessor sensitive_data: alert_threshold 25
-
-# SIP Session Initiation Protocol preprocessor. For more information see README.sip
-preprocessor sip: max_sessions 40000, \
- ports { 5060 5061 5600 }, \
- methods { invite \
- cancel \
- ack \
- bye \
- register \
- options \
- refer \
- subscribe \
- update \
- join \
- info \
- message \
- notify \
- benotify \
- do \
- qauth \
- sprack \
- publish \
- service \
- unsubscribe \
- prack }, \
- max_uri_len 512, \
- max_call_id_len 80, \
- max_requestName_len 20, \
- max_from_len 256, \
- max_to_len 256, \
- max_via_len 1024, \
- max_contact_len 512, \
- max_content_len 2048
-
-# IMAP preprocessor. For more information see README.imap
-preprocessor imap: \
- ports { 143 } \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0
-
-# POP preprocessor. For more information see README.pop
-preprocessor pop: \
- ports { 110 } \
- b64_decode_depth 0 \
- qp_decode_depth 0 \
- bitenc_decode_depth 0 \
- uu_decode_depth 0
-
-# Modbus preprocessor. For more information see README.modbus
-preprocessor modbus: ports { 502 }
-
-# DNP3 preprocessor. For more information see README.dnp3
-preprocessor dnp3: ports { 20000 } \
- memcap 262144 \
- check_crc
-
-# Reputation preprocessor. For more information see README.reputation
-#preprocessor reputation: \
-# memcap 500, \
-# priority whitelist, \
-# nested_ip inner, \
-# whitelist $WHITE_LIST_PATH/white_list.rules, \
-# blacklist $BLACK_LIST_PATH/black_list.rules
-
-
-###################################################
-# Step #6: Configure output plugins
-# For more information, see Snort Manual, Configuring Snort - Output Modules
-###################################################
-
-# unified2
-# Recommended for most installs
-# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
-
-# Additional configuration for specific types of installs
-# output alert_unified2: filename snort.alert, limit 128, nostamp
-# output log_unified2: filename snort.log, limit 128, nostamp
-
-# syslog
-# output alert_syslog: LOG_AUTH LOG_ALERT
-
-# pcap
-# output log_tcpdump: tcpdump.log
-
-# database
-# output database: alert, <db_type>, user=<username> password=<password> test dbname=<name> host=<hostname>
-# output database: log, <db_type>, user=<username> password=<password> test dbname=<name> host=<hostname>
-
-# prelude
-# output alert_prelude
-
-# metadata reference data. do not modify these lines
-include /etc/snort/rules/classification.config
-include /etc/snort/rules/reference.config
-
-
-###################################################
-# Step #7: Customize your rule set
-# For more information, see Snort Manual, Writing Snort Rules
-###################################################
-
-#
-# site specific rules
-#
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Snort settings file, which contains the settings from the WUI.
+my $snort_settings_file = "${General::swroot}/snort/settings";
+
+# Main snort config file.
+my $snort_config_file = "/etc/snort/snort.conf";
+
+# Snort rules tarball.
+my $snort_rules_tarball = "/var/tmp/snortrules.tar.gz";
+
+#
+## Step 1: Setup directory and file layout, if not present and set correct
+## ownership. The converter runs as a privileged user, but the files
+## needs to be full access-able by the WUI user and group (nobody:nobody).
+#
+
+# Check if the settings directory exists.
+unless (-d $IDS::settingsdir) {
+ # Create the directory.
+ mkdir($IDS::settingsdir);
+}
+
+# Check if the rules directory exists.
+unless (-d $IDS::rulespath) {
+ # Create the directory.
+ mkdir($IDS::rulespath);
+}
+
+# Create file layout, if not exists yet.
+&IDS::check_and_create_filelayout();
+
+# Set correct ownership for settingsdir and rulespath.
+&IDS::set_ownership("$IDS::settingsdir");
+&IDS::set_ownership("$IDS::rulespath");
+
+# Check if a snort settings file exists.
+unless( -f "$snort_settings_file") {
+ print "$snort_settings_file not found - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
+# Check if the snort settings file is empty.
+if (-z "$snort_settings_file") {
+ print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
+#
+## Step 2: Import snort settings and convert to the required format for the new IDS
+## (suricata).
+#
+
+# Hash which contains the "old" snort settings.
+my %snortsettings;
+
+# Hash which contains the IDS (suricata) settings.
+#
+# Add default value for MONITOR_TRAFFIC_ONLY which will be "on"
+# when migrating from snort to the new IDS.
+my %idssettings = (
+ "MONITOR_TRAFFIC_ONLY" => "on",
+);
+
+# Hash which contains the RULES settings.
+#
+# Set default value for UPDATE_INTERVAL to weekly.
+my %rulessettings = (
+ "AUTOUPDATE_INTERVAL" => "weekly",
+);
+
+# Get all available network zones.
+my @network_zones = &IDS::get_available_network_zones();
+
+# Read-in snort settings file.
+&General::readhash("$snort_settings_file", \%snortsettings);
+
+# Loop through the array of network zones.
+foreach my $zone (@network_zones) {
+ # Convert current zone into upper case.
+ my $zone_upper = uc($zone);
+
+ # Check if the current network zone is "red".
+ if($zone eq "red") {
+ # Check if snort was enabled and enabled on red.
+ if ($snortsettings{"ENABLE_SNORT"} eq "on") {
+ # Enable the IDS.
+ $idssettings{"ENABLE_IDS"} = "on";
+
+ # Enable the IDS on RED.
+ $idssettings{"ENABLE_IDS_$zone_upper"} = "on";
+ }
+ } else {
+ # Check if snort was enabled on the current zone.
+ if ($snortsettings{"ENABLE_SNORT_$zone_upper"} eq "on") {
+ # Enable the IDS on this zone too.
+ $idssettings{"ENABLE_IDS_$zone_upper"} = "on";
+ }
+ }
+}
+
+# Grab the choosen ruleset from snort settings hash and store it in the rules
+# settings hash.
+$rulessettings{"RULES"} = $snortsettings{"RULES"};
+
+# Check if an oinkcode has been provided.
+if($snortsettings{"OINKCODE"}) {
+ # Take the oinkcode from snort settings hash and store it in the rules
+ # settings hash.
+ $rulessettings{"OINKCODE"} = $snortsettings{"OINKCODE"};
+}
+
+#
+## Step 3: Import guardian settings and whitelist if the addon is installed.
+#
+
+# Pakfire meta file for owncloud.
+# (File exists when the addon is installed.)
+my $guardian_meta = "/opt/pakfire/db/installed/meta-guardian";
+
+# Check if the guardian addon is installed.
+if (-f $guardian_meta) {
+ # File which contains the taken setting for guardian.
+ my $guardian_settings_file = "${General::swroot}/guardian/settings";
+
+ # File which contains the white-listed hosts.
+ my $guardian_ignored_file = "${General::swroot}/guardian/ignored";
+
+ # Hash which will contain the settings of guardian.
+ my %guardiansettings;
+
+ # Check if the settings file of guardian is empty.
+ unless (-z $guardian_settings_file) {
+ # Read-in settings.
+ &General::readhash("$guardian_settings_file", \%guardiansettings);
+ }
+
+ # Check if guardian is not configured to take actions on snort events.
+ if ($guardiansettings{"GUARDIAN_MONITOR_SNORT"} eq "on") {
+ # Change the IDS into MONITOR_TRAFFIC_ONLY mode.
+ $idssettings{"MONITOR_TRAFFIC_ONLY"} = "off";
+ }
+
+ # Check if guardian has any white-listed hosts configured.
+ unless (-z $guardian_ignored_file) {
+ # Temporary hash to store the ignored hosts.
+ my %ignored_hosts;
+
+ # Read-in white-listed hosts and store them in the hash.
+ &General::readhasharray($guardian_ignored_file, \%ignored_hosts);
+
+ # Write-out the white-listed hosts for the IDS system.
+ &General::writehasharray($IDS::ignored_file, \%ignored_hosts);
+
+ # Call subfunction to generate the file for white-listing the hosts.
+ &IDS::generate_ignored_file();
+ }
+
+}
+
+#
+## Step 4: Save IDS and rules settings.
+#
+
+# Write IDS settings.
+&General::writehash("$IDS::ids_settings_file", \%idssettings);
+
+# Write rules settings.
+&General::writehash("$IDS::rules_settings_file", \%rulessettings);
+
+#
+## Step 5: Generate and write the file to modify the ruleset.
+#
+
+# Converters default is to only monitor the traffic, so set the IDS action to
+# "alert".
+my $IDS_action = "alert";
+
+# Check if the traffic only should be monitored.
+if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "off") {
+ # Swith IDS action to alert only.
+ $IDS_action = "drop";
+}
+
+# Call subfunction and pass the desired IDS action.
+&IDS::write_modify_sids_file($IDS_action);
+
+# Set correct ownership.
+&IDS::set_ownership("$IDS::modify_sids_file");
+
+#
+## Step 6: Move rulestarball to its new location.
+#
+
+# Check if a rulestarball has been downloaded yet.
+if (-f $snort_rules_tarball) {
+ # Load perl module which contains the move command.
+ use File::Copy;
+
+ # Move the rulestarball to the new location.
+ move($snort_rules_tarball, $IDS::rulestarball);
+
+ # Set correct ownership.
+ &IDS::set_ownership("$IDS::rulestarball");
+
+# In case no tarball is present, try to download the ruleset.
+} else {
+ # Check if enought disk space is available.
+ if(&IDS::checkdiskspace()) {
+ # Call the download function and grab the new ruleset.
+ &IDS::downloadruleset();
+ }
+}
+
+#
+## Step 7: Call oinkmaster to extract and setup the rules structures.
+#
+
+# Check if a rulestarball is present.
+if (-f $IDS::rulestarball) {
+ # Launch oinkmaster by calling the subfunction.
+ &IDS::oinkmaster();
+
+ # Set correct ownership for the rulesdir and files.
+ &IDS::set_ownership("$IDS::rulespath");
+}
+
+#
+## Step 8: Grab used ruleset files from snort config file and convert
+## them into the new format.
+#
+
+# Check if the snort config file exists.
+unless (-f $snort_config_file) {
+ print "$snort_config_file does not exist - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
+# Array to store the enabled rules files.
+my @enabled_rule_files;
+
+# Open snort config file.
+open(SNORTCONF, $snort_config_file) or die "Could not open $snort_config_file. $!\n";
+
+# Loop through the file content.
+while (my $line = <SNORTCONF>) {
+ # Skip comments.
+ next if ($line =~ /\#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Remove newlines.
+ chomp($line);
+
+ # Check for a line with .rules
+ if ($line =~ /\.rules$/) {
+ # Parse out rule file name
+ my $rulefile = $line;
+ $rulefile =~ s/\$RULE_PATH\///i;
+ $rulefile =~ s/ ?include ?//i;
+
+ # Add the enabled rulefile to the array of enabled rule files.
+ push(@enabled_rule_files, $rulefile);
+ }
+}
+
+# Close filehandle.
+close(SNORTCONF);
+
+# Pass the array of enabled rule files to the subfunction and write the file.
+&IDS::write_used_rulefiles_file(@enabled_rule_files);
+
+#
+## Step 9: Generate file for the HOME Net.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_home_net_file();
+
+#
+## Step 10: Setup automatic ruleset updates.
+#
+
+# Check if a ruleset is configured.
+if($rulessettings{"RULES"}) {
+ # Call suricatactrl and setup the periodic update mechanism.
+ &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
+}
+
+#
+## Step 11: Start the IDS if enabled.
+#
+
+# Check if the IDS should be started.
+if($idssettings{"ENABLE_IDS"} eq "on") {
+ # Call suricatactrl and launch the IDS.
+ &IDS::call_suricatactrl("start");
+}
--- /dev/null
+# Ruleset for registered sourcefire users.
+registered = https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=<oinkcode>
+
+# Ruleset for registered sourcefire users with valid subscription.
+subscripted = https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=<oinkcode>
+
+# Community rules from sourcefire.
+community = https://www.snort.org/rules/community
+
+# Emerging threads community rules.
+emerging = https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz
+
+# Emerging threads pro rules.
+emerging_pro = https://rules.emergingthreatspro.com/<oinkcode>/suricata-4.0/etpro.rules.tar.gz
+
--- /dev/null
+%YAML 1.1
+---
+
+##
+## IPFire specific configuration file - an untouched example configuration
+## can be found in suricata-example.yaml.
+##
+
+vars:
+ address-groups:
+ # Include HOME_NET declaration from external file.
+ include: /var/ipfire/suricata/suricata-homenet.yaml
+
+ EXTERNAL_NET: "!$HOME_NET"
+ #EXTERNAL_NET: "any"
+
+ HTTP_SERVERS: "$HOME_NET"
+ SMTP_SERVERS: "$HOME_NET"
+ SQL_SERVERS: "$HOME_NET"
+ DNS_SERVERS: "$HOME_NET"
+ TELNET_SERVERS: "$HOME_NET"
+ AIM_SERVERS: "$EXTERNAL_NET"
+ DC_SERVERS: "$HOME_NET"
+ DNP3_SERVER: "$HOME_NET"
+ DNP3_CLIENT: "$HOME_NET"
+ MODBUS_CLIENT: "$HOME_NET"
+ MODBUS_SERVER: "$HOME_NET"
+ ENIP_CLIENT: "$HOME_NET"
+ ENIP_SERVER: "$HOME_NET"
+
+ port-groups:
+ HTTP_PORTS: "80"
+ SHELLCODE_PORTS: "!80"
+ ORACLE_PORTS: 1521
+ SSH_PORTS: "[22,222]"
+ DNP3_PORTS: 20000
+ MODBUS_PORTS: 502
+ FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
+ FTP_PORTS: 21
+
+##
+## Ruleset specific options.
+##
+default-rule-path: /var/lib/suricata
+rule-files:
+ # Include enabled ruleset files from external file.
+ include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+
+classification-file: /var/lib/suricata/classification.config
+reference-config-file: /var/lib/suricata/reference.config
+threshold-file: /var/lib/suricata/threshold.config
+
+
+##
+## Logging options.
+##
+default-log-dir: /var/log/suricata/
+
+# global stats configuration
+stats:
+ enabled: yes
+ # The interval field (in seconds) controls at what interval
+ # the loggers are invoked.
+ interval: 8
+
+ # Add decode events as stats.
+ #decoder-events: true
+ # Decoder event prefix in stats. Has been 'decoder' before, but that leads
+ # to missing events in the eve.stats records. See issue #2225.
+ decoder-events-prefix: "decoder.event"
+ # Add stream events as stats.
+ #stream-events: false
+
+# Configure the type of alert (and other) logging you would like.
+outputs:
+ # a line based alerts log similar to Snort's fast.log
+ - fast:
+ enabled: yes
+ filename: fast.log
+ append: yes
+ #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
+
+ # Stats.log contains data from various counters of the suricata engine.
+ - stats:
+ enabled: yes
+ filename: stats.log
+ append: no # append to file (yes) or overwrite it (no)
+ totals: yes # stats for all threads merged together
+ threads: no # per thread stats
+ #null-values: yes # print counters that have value 0
+
+logging:
+ # The default log level, can be overridden in an output section.
+ # Note that debug level logging will only be emitted if Suricata was
+ # compiled with the --enable-debug configure option.
+ #
+ # This value is overriden by the SC_LOG_LEVEL env var.
+ default-log-level: notice
+
+ # A regex to filter output. Can be overridden in an output section.
+ # Defaults to empty (no filter).
+ #
+ # This value is overriden by the SC_LOG_OP_FILTER env var.
+ default-output-filter:
+
+ # Define your logging outputs. If none are defined, or they are all
+ # disabled you will get the default - console output.
+ outputs:
+ - console:
+ enabled: no
+ # type: json
+ - file:
+ enabled: no
+ level: info
+ filename: /var/log/suricata/suricata.log
+ # type: json
+ - syslog:
+ enabled: yes
+ facility: local5
+ format: ""
+ # type: json
+
+##
+## Netfilter configuration
+##
+
+nfq:
+ mode: repeat
+ repeat-mark: 1879048192
+ repeat-mask: 1879048192
+# bypass-mark: 1
+# bypass-mask: 1
+# route-queue: 2
+# batchcount: 20
+ fail-open: yes
+
+##
+## Step 5: App Layer Protocol Configuration
+##
+
+# Configure the app-layer parsers. The protocols section details each
+# protocol.
+#
+# The option "enabled" takes 3 values - "yes", "no", "detection-only".
+# "yes" enables both detection and the parser, "no" disables both, and
+# "detection-only" enables protocol detection only (parser disabled).
+app-layer:
+ protocols:
+ krb5:
+ enabled: no # Requires rust
+ ikev2:
+ enabled: yes
+ tls:
+ enabled: yes
+ detection-ports:
+ dp: "[443,444,465,853,993,995]"
+
+ # Completely stop processing TLS/SSL session after the handshake
+ # completed. If bypass is enabled this will also trigger flow
+ # bypass. If disabled (the default), TLS/SSL session is still
+ # tracked for Heartbleed and other anomalies.
+ #no-reassemble: yes
+ dcerpc:
+ enabled: yes
+ ftp:
+ enabled: yes
+ ssh:
+ enabled: yes
+ smtp:
+ enabled: yes
+ # Configure SMTP-MIME Decoder
+ mime:
+ # Decode MIME messages from SMTP transactions
+ # (may be resource intensive)
+ # This field supercedes all others because it turns the entire
+ # process on or off
+ decode-mime: yes
+
+ # Decode MIME entity bodies (ie. base64, quoted-printable, etc.)
+ decode-base64: yes
+ decode-quoted-printable: yes
+
+ # Maximum bytes per header data value stored in the data structure
+ # (default is 2000)
+ header-value-depth: 2000
+
+ # Extract URLs and save in state data structure
+ extract-urls: yes
+ # Set to yes to compute the md5 of the mail body. You will then
+ # be able to journalize it.
+ body-md5: no
+ # Configure inspected-tracker for file_data keyword
+ inspected-tracker:
+ content-limit: 100000
+ content-inspect-min-size: 32768
+ content-inspect-window: 4096
+ imap:
+ enabled: yes
+ msn:
+ enabled: yes
+ smb:
+ enabled: yes
+ detection-ports:
+ dp: 139, 445
+ # smb2 detection is disabled internally inside the engine.
+ #smb2:
+ # enabled: yes
+ dns:
+ # memcaps. Globally and per flow/state.
+ global-memcap: 32mb
+ state-memcap: 512kb
+
+ # How many unreplied DNS requests are considered a flood.
+ # If the limit is reached, app-layer-event:dns.flooded; will match.
+ request-flood: 512
+
+ tcp:
+ enabled: yes
+ detection-ports:
+ dp: 53
+ udp:
+ enabled: yes
+ detection-ports:
+ dp: 53
+ http:
+ enabled: yes
+ memcap: 256mb
+
+ # default-config: Used when no server-config matches
+ # personality: List of personalities used by default
+ # request-body-limit: Limit reassembly of request body for inspection
+ # by http_client_body & pcre /P option.
+ # response-body-limit: Limit reassembly of response body for inspection
+ # by file_data, http_server_body & pcre /Q option.
+ # double-decode-path: Double decode path section of the URI
+ # double-decode-query: Double decode query section of the URI
+ # response-body-decompress-layer-limit:
+ # Limit to how many layers of compression will be
+ # decompressed. Defaults to 2.
+ #
+ # Currently Available Personalities:
+ # Minimal, Generic, IDS (default), IIS_4_0, IIS_5_0, IIS_5_1, IIS_6_0,
+ # IIS_7_0, IIS_7_5, Apache_2
+ libhtp:
+ default-config:
+ personality: IDS
+
+ # Can be specified in kb, mb, gb. Just a number indicates
+ # it's in bytes.
+ request-body-limit: 0
+ response-body-limit: 0
+
+ # response body decompression (0 disables)
+ response-body-decompress-layer-limit: 2
+
+ # auto will use http-body-inline mode in IPS mode, yes or no set it statically
+ http-body-inline: auto
+
+ # Take a random value for inspection sizes around the specified value.
+ # This lower the risk of some evasion technics but could lead
+ # detection change between runs. It is set to 'yes' by default.
+ randomize-inspection-sizes: yes
+ # If randomize-inspection-sizes is active, the value of various
+ # inspection size will be choosen in the [1 - range%, 1 + range%]
+ # range
+ # Default value of randomize-inspection-range is 10.
+ randomize-inspection-range: 10
+
+ # decoding
+ double-decode-path: no
+ double-decode-query: no
+
+
+# Limit for the maximum number of asn1 frames to decode (default 256)
+asn1-max-frames: 256
+
+
+##############################################################################
+##
+## Advanced settings below
+##
+##############################################################################
+
+##
+## Run Options
+##
+
+# Run suricata as user and group.
+run-as:
+ user: suricata
+ group: suricata
+
+# Suricata core dump configuration. Limits the size of the core dump file to
+# approximately max-dump. The actual core dump size will be a multiple of the
+# page size. Core dumps that would be larger than max-dump are truncated. On
+# Linux, the actual core dump size may be a few pages larger than max-dump.
+# Setting max-dump to 0 disables core dumping.
+# Setting max-dump to 'unlimited' will give the full core dump file.
+# On 32-bit Linux, a max-dump value >= ULONG_MAX may cause the core dump size
+# to be 'unlimited'.
+
+coredump:
+ max-dump: unlimited
+
+# If suricata box is a router for the sniffed networks, set it to 'router'. If
+# it is a pure sniffing setup, set it to 'sniffer-only'.
+# If set to auto, the variable is internally switch to 'router' in IPS mode
+# and 'sniffer-only' in IDS mode.
+# This feature is currently only used by the reject* keywords.
+host-mode: auto
+
+# Number of packets preallocated per thread. The default is 1024. A higher number
+# will make sure each CPU will be more easily kept busy, but may negatively
+# impact caching.
+max-pending-packets: 1024
+
+# Runmode the engine should use. Please check --list-runmodes to get the available
+# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
+# load balancing).
+#runmode: autofp
+
+# Specifies the kind of flow load balancer used by the flow pinned autofp mode.
+#
+# Supported schedulers are:
+#
+# round-robin - Flows assigned to threads in a round robin fashion.
+# active-packets - Flows assigned to threads that have the lowest number of
+# unprocessed packets (default).
+# hash - Flow alloted usihng the address hash. More of a random
+# technique. Was the default in Suricata 1.2.1 and older.
+#
+#autofp-scheduler: active-packets
+
+# Preallocated size for packet. Default is 1514 which is the classical
+# size for pcap on ethernet. You should adjust this value to the highest
+# packet size (MTU + hardware header) on your system.
+default-packet-size: 1514
+
+# Unix command socket can be used to pass commands to suricata.
+# An external tool can then connect to get information from suricata
+# or trigger some modifications of the engine. Set enabled to yes
+# to activate the feature. In auto mode, the feature will only be
+# activated in live capture mode. You can use the filename variable to set
+# the file name of the socket.
+unix-command:
+ enabled: no
+ #filename: custom.socket
+
+# Magic file
+magic-file: /usr/share/misc/magic.mgc
+
+legacy:
+ uricontent: enabled
+
+##
+## Detection settings
+##
+
+# Set the order of alerts bassed on actions
+# The default order is pass, drop, reject, alert
+# action-order:
+# - pass
+# - drop
+# - reject
+# - alert
+
+# When run with the option --engine-analysis, the engine will read each of
+# the parameters below, and print reports for each of the enabled sections
+# and exit. The reports are printed to a file in the default log dir
+# given by the parameter "default-log-dir", with engine reporting
+# subsection below printing reports in its own report file.
+engine-analysis:
+ # enables printing reports for fast-pattern for every rule.
+ rules-fast-pattern: yes
+ # enables printing reports for each rule
+ rules: yes
+
+#recursion and match limits for PCRE where supported
+pcre:
+ match-limit: 3500
+ match-limit-recursion: 1500
+
+##
+## Advanced Traffic Tracking and Reconstruction Settings
+##
+
+# Host specific policies for defragmentation and TCP stream
+# reassembly. The host OS lookup is done using a radix tree, just
+# like a routing table so the most specific entry matches.
+host-os-policy:
+ # Make the default policy windows.
+ windows: [0.0.0.0/0]
+ bsd: []
+ bsd-right: []
+ old-linux: []
+ linux: []
+ old-solaris: []
+ solaris: []
+ hpux10: []
+ hpux11: []
+ irix: []
+ macos: []
+ vista: []
+ windows2k3: []
+
+# Defrag settings:
+
+defrag:
+ memcap: 64mb
+ hash-size: 65536
+ trackers: 65535 # number of defragmented flows to follow
+ max-frags: 65535 # number of fragments to keep (higher than trackers)
+ prealloc: yes
+ timeout: 60
+
+# Flow settings:
+# By default, the reserved memory (memcap) for flows is 32MB. This is the limit
+# for flow allocation inside the engine. You can change this value to allow
+# more memory usage for flows.
+# The hash-size determine the size of the hash used to identify flows inside
+# the engine, and by default the value is 65536.
+# At the startup, the engine can preallocate a number of flows, to get a better
+# performance. The number of flows preallocated is 10000 by default.
+# emergency-recovery is the percentage of flows that the engine need to
+# prune before unsetting the emergency state. The emergency state is activated
+# when the memcap limit is reached, allowing to create new flows, but
+# prunning them with the emergency timeouts (they are defined below).
+# If the memcap is reached, the engine will try to prune flows
+# with the default timeouts. If it doens't find a flow to prune, it will set
+# the emergency bit and it will try again with more agressive timeouts.
+# If that doesn't work, then it will try to kill the last time seen flows
+# not in use.
+# The memcap can be specified in kb, mb, gb. Just a number indicates it's
+# in bytes.
+
+flow:
+ memcap: 256mb
+ hash-size: 65536
+ prealloc: 10000
+ emergency-recovery: 30
+ managers: 1
+ recyclers: 1
+
+# This option controls the use of vlan ids in the flow (and defrag)
+# hashing. Normally this should be enabled, but in some (broken)
+# setups where both sides of a flow are not tagged with the same vlan
+# tag, we can ignore the vlan id's in the flow hashing.
+vlan:
+ use-for-tracking: true
+
+# Specific timeouts for flows. Here you can specify the timeouts that the
+# active flows will wait to transit from the current state to another, on each
+# protocol. The value of "new" determine the seconds to wait after a hanshake or
+# stream startup before the engine free the data of that flow it doesn't
+# change the state to established (usually if we don't receive more packets
+# of that flow). The value of "established" is the amount of
+# seconds that the engine will wait to free the flow if it spend that amount
+# without receiving new packets or closing the connection. "closed" is the
+# amount of time to wait after a flow is closed (usually zero). "bypassed"
+# timeout controls locally bypassed flows. For these flows we don't do any other
+# tracking. If no packets have been seen after this timeout, the flow is discarded.
+#
+# There's an emergency mode that will become active under attack circumstances,
+# making the engine to check flow status faster. This configuration variables
+# use the prefix "emergency-" and work similar as the normal ones.
+# Some timeouts doesn't apply to all the protocols, like "closed", for udp and
+# icmp.
+
+flow-timeouts:
+
+ default:
+ new: 30
+ established: 300
+ closed: 0
+ bypassed: 100
+ emergency-new: 10
+ emergency-established: 100
+ emergency-closed: 0
+ emergency-bypassed: 50
+ tcp:
+ new: 60
+ established: 600
+ closed: 60
+ bypassed: 100
+ emergency-new: 5
+ emergency-established: 100
+ emergency-closed: 10
+ emergency-bypassed: 50
+ udp:
+ new: 30
+ established: 300
+ bypassed: 100
+ emergency-new: 10
+ emergency-established: 100
+ emergency-bypassed: 50
+ icmp:
+ new: 30
+ established: 300
+ bypassed: 100
+ emergency-new: 10
+ emergency-established: 100
+ emergency-bypassed: 50
+
+# Stream engine settings. Here the TCP stream tracking and reassembly
+# engine is configured.
+#
+# stream:
+# memcap: 32mb # Can be specified in kb, mb, gb. Just a
+# # number indicates it's in bytes.
+# checksum-validation: yes # To validate the checksum of received
+# # packet. If csum validation is specified as
+# # "yes", then packet with invalid csum will not
+# # be processed by the engine stream/app layer.
+# # Warning: locally generated trafic can be
+# # generated without checksum due to hardware offload
+# # of checksum. You can control the handling of checksum
+# # on a per-interface basis via the 'checksum-checks'
+# # option
+# prealloc-sessions: 2k # 2k sessions prealloc'd per stream thread
+# midstream: false # don't allow midstream session pickups
+# async-oneside: false # don't enable async stream handling
+# inline: no # stream inline mode
+# drop-invalid: yes # in inline mode, drop packets that are invalid with regards to streaming engine
+# max-synack-queued: 5 # Max different SYN/ACKs to queue
+# bypass: no # Bypass packets when stream.depth is reached
+#
+# reassembly:
+# memcap: 64mb # Can be specified in kb, mb, gb. Just a number
+# # indicates it's in bytes.
+# depth: 1mb # Can be specified in kb, mb, gb. Just a number
+# # indicates it's in bytes.
+# toserver-chunk-size: 2560 # inspect raw stream in chunks of at least
+# # this size. Can be specified in kb, mb,
+# # gb. Just a number indicates it's in bytes.
+# toclient-chunk-size: 2560 # inspect raw stream in chunks of at least
+# # this size. Can be specified in kb, mb,
+# # gb. Just a number indicates it's in bytes.
+# randomize-chunk-size: yes # Take a random value for chunk size around the specified value.
+# # This lower the risk of some evasion technics but could lead
+# # detection change between runs. It is set to 'yes' by default.
+# randomize-chunk-range: 10 # If randomize-chunk-size is active, the value of chunk-size is
+# # a random value between (1 - randomize-chunk-range/100)*toserver-chunk-size
+# # and (1 + randomize-chunk-range/100)*toserver-chunk-size and the same
+# # calculation for toclient-chunk-size.
+# # Default value of randomize-chunk-range is 10.
+#
+# raw: yes # 'Raw' reassembly enabled or disabled.
+# # raw is for content inspection by detection
+# # engine.
+#
+# segment-prealloc: 2048 # number of segments preallocated per thread
+#
+# check-overlap-different-data: true|false
+# # check if a segment contains different data
+# # than what we've already seen for that
+# # position in the stream.
+# # This is enabled automatically if inline mode
+# # is used or when stream-event:reassembly_overlap_different_data;
+# # is used in a rule.
+#
+stream:
+ memcap: 256mb
+ prealloc-sessions: 4096
+ checksum-validation: yes # reject wrong csums
+ inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
+ reassembly:
+ memcap: 256mb
+ depth: 1mb # reassemble 1mb into a stream
+ toserver-chunk-size: 2560
+ toclient-chunk-size: 2560
+ randomize-chunk-size: yes
+ raw: yes
+ segment-prealloc: 2048
+ check-overlap-different-data: true
+
+# Host table:
+#
+# Host table is used by tagging and per host thresholding subsystems.
+#
+host:
+ hash-size: 4096
+ prealloc: 1000
+ memcap: 32mb
+
+# IP Pair table:
+#
+# Used by xbits 'ippair' tracking.
+#
+#ippair:
+# hash-size: 4096
+# prealloc: 1000
+# memcap: 32mb
+
+# Decoder settings
+
+decoder:
+ # Teredo decoder is known to not be completely accurate
+ # it will sometimes detect non-teredo as teredo.
+ teredo:
+ enabled: false
+
+
+##
+## Performance tuning and profiling
+##
+
+# The detection engine builds internal groups of signatures. The engine
+# allow us to specify the profile to use for them, to manage memory on an
+# efficient way keeping a good performance. For the profile keyword you
+# can use the words "low", "medium", "high" or "custom". If you use custom
+# make sure to define the values at "- custom-values" as your convenience.
+# Usually you would prefer medium/high/low.
+#
+# "sgh mpm-context", indicates how the staging should allot mpm contexts for
+# the signature groups. "single" indicates the use of a single context for
+# all the signature group heads. "full" indicates a mpm-context for each
+# group head. "auto" lets the engine decide the distribution of contexts
+# based on the information the engine gathers on the patterns from each
+# group head.
+#
+# The option inspection-recursion-limit is used to limit the recursive calls
+# in the content inspection code. For certain payload-sig combinations, we
+# might end up taking too much time in the content inspection code.
+# If the argument specified is 0, the engine uses an internally defined
+# default limit. On not specifying a value, we use no limits on the recursion.
+detect:
+ profile: high
+ custom-values:
+ toclient-groups: 3
+ toserver-groups: 25
+ sgh-mpm-context: auto
+ inspection-recursion-limit: 3000
+
+ # If set to yes, the loading of signatures will be made after the capture
+ # is started. This will limit the downtime in IPS mode.
+ delayed-detect: yes
+
+ prefilter:
+ # default prefiltering setting. "mpm" only creates MPM/fast_pattern
+ # engines. "auto" also sets up prefilter engines for other keywords.
+ # Use --list-keywords=all to see which keywords support prefiltering.
+ default: mpm
+
+ # the grouping values above control how many groups are created per
+ # direction. Port whitelisting forces that port to get it's own group.
+ # Very common ports will benefit, as well as ports with many expensive
+ # rules.
+ grouping:
+ #tcp-whitelist: 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
+ #udp-whitelist: 53, 135, 5060
+
+ profiling:
+ # Log the rules that made it past the prefilter stage, per packet
+ # default is off. The threshold setting determines how many rules
+ # must have made it past pre-filter for that rule to trigger the
+ # logging.
+ #inspect-logging-threshold: 200
+ grouping:
+ dump-to-disk: false
+ include-rules: false # very verbose
+ include-mpm-stats: false
+
+# Select the multi pattern algorithm you want to run for scan/search the
+# in the engine.
+#
+# The supported algorithms are:
+# "ac" - Aho-Corasick, default implementation
+# "ac-bs" - Aho-Corasick, reduced memory implementation
+# "ac-cuda" - Aho-Corasick, CUDA implementation
+# "ac-ks" - Aho-Corasick, "Ken Steele" variant
+# "hs" - Hyperscan, available when built with Hyperscan support
+#
+# The default mpm-algo value of "auto" will use "hs" if Hyperscan is
+# available, "ac" otherwise.
+#
+# The mpm you choose also decides the distribution of mpm contexts for
+# signature groups, specified by the conf - "detect.sgh-mpm-context".
+# Selecting "ac" as the mpm would require "detect.sgh-mpm-context"
+# to be set to "single", because of ac's memory requirements, unless the
+# ruleset is small enough to fit in one's memory, in which case one can
+# use "full" with "ac". Rest of the mpms can be run in "full" mode.
+#
+# There is also a CUDA pattern matcher (only available if Suricata was
+# compiled with --enable-cuda: b2g_cuda. Make sure to update your
+# max-pending-packets setting above as well if you use b2g_cuda.
+
+mpm-algo: auto
+
+# Select the matching algorithm you want to use for single-pattern searches.
+#
+# Supported algorithms are "bm" (Boyer-Moore) and "hs" (Hyperscan, only
+# available if Suricata has been built with Hyperscan support).
+#
+# The default of "auto" will use "hs" if available, otherwise "bm".
+
+spm-algo: auto
+
+# Suricata is multi-threaded. Here the threading can be influenced.
+threading:
+ set-cpu-affinity: no
+ # Tune cpu affinity of threads. Each family of threads can be bound
+ # on specific CPUs.
+ #
+ # These 2 apply to the all runmodes:
+ # management-cpu-set is used for flow timeout handling, counters
+ # worker-cpu-set is used for 'worker' threads
+ #
+ # Additionally, for autofp these apply:
+ # receive-cpu-set is used for capture threads
+ # verdict-cpu-set is used for IPS verdict threads
+ #
+ cpu-affinity:
+ - management-cpu-set:
+ cpu: [ 0 ] # include only these cpus in affinity settings
+ - receive-cpu-set:
+ cpu: [ 0 ] # include only these cpus in affinity settings
+ - worker-cpu-set:
+ cpu: [ "all" ]
+ mode: "exclusive"
+ prio:
+ low: [ 0 ]
+ medium: [ "1-2" ]
+ high: [ 3 ]
+ default: "medium"
+ - verdict-cpu-set:
+ cpu: [ 0 ]
+ prio:
+ default: "high"
+ #
+ # By default Suricata creates one "detect" thread per available CPU/CPU core.
+ # This setting allows controlling this behaviour. A ratio setting of 2 will
+ # create 2 detect threads for each CPU/CPU core. So for a dual core CPU this
+ # will result in 4 detect threads. If values below 1 are used, less threads
+ # are created. So on a dual core CPU a setting of 0.5 results in 1 detect
+ # thread being created. Regardless of the setting at a minimum 1 detect
+ # thread will always be created.
+ #
+ detect-thread-ratio: 1.0
import ipaddress
import logging
import logging.handlers
+import os
import re
import signal
import subprocess
+import tempfile
import inotify.adapters
self._cached_leases.append(l)
def write_dhcp_leases(self, leases):
- with open(self.path, "w") as f:
+ with tempfile.NamedTemporaryFile(mode="w", delete=False) as f:
+ filename = f.name
+
for l in leases:
for rr in l.rrset:
f.write("local-data: \"%s\"\n" % " ".join(rr))
+ os.rename(filename, self.path)
+
def _control(self, *args):
command = ["unbound-control"]
command.extend(args)
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: download dh parameter
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp selected but no type
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
-WARNING: translation string unused: ids preprocessor
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: installed updates
WARNING: translation string unused: intrusion detection system log viewer
WARNING: translation string unused: intrusion detection system2
+WARNING: translation string unused: intrusion prevention system
WARNING: translation string unused: invalid cache size
WARNING: translation string unused: invalid date entered
WARNING: translation string unused: invalid downlink speed
WARNING: translation string unused: rsvd dst port overlap
WARNING: translation string unused: rsvd src port overlap
WARNING: translation string unused: rules already up to date
+WARNING: translation string unused: runmode
WARNING: translation string unused: safe removal of umounted device
WARNING: translation string unused: save error
WARNING: translation string unused: select dest net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr update information
WARNING: translation string unused: updxlrtr update notification
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules
WARNING: untranslated string: dead peer detection = Dead Peer Detection
WARNING: untranslated string: default IP address = Default IP Address
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian priority level = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids rules update = Ruleset
+WARNING: untranslated string: ids show = Show
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: ConnSched time = Time:
WARNING: untranslated string: ConnSched up = Up
WARNING: untranslated string: ConnSched weekdays = Days of the week:
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Edit an existing route = Edit an existing route
WARNING: untranslated string: Enter TOS = Activate or deactivate TOS-bits <br /> and then press <i>Save</i>.
WARNING: untranslated string: Existing Files = Files in database
WARNING: untranslated string: The source IP address is invalid. = The source IP address is invalid.
WARNING: untranslated string: Utilization on = Utilization on
WARNING: untranslated string: WakeOnLan = Wake On Lan
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: a ca certificate with this name already exists = A CA certificate with this name already exists.
WARNING: untranslated string: a connection with this common name already exists = A connection with this common name already exists.
WARNING: untranslated string: a connection with this name already exists = A connection with this name already exists.
WARNING: untranslated string: dhcp bootp pxe data = Enter optional bootp pxe data for this fixed lease
WARNING: untranslated string: dhcp configuration = DHCP configuration
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dhcp server = DHCP Server
WARNING: untranslated string: dhcp server disabled = DHCP server disabled. Stopped.
WARNING: untranslated string: dhcp server enabled = DHCP server enabled. Restarting.
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
WARNING: untranslated string: dnsforward entries = Current entries
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: download ca certificate = Download CA certificate
WARNING: untranslated string: download certificate = Download file
WARNING: untranslated string: download host certificate = Download host certificate
-WARNING: untranslated string: download new ruleset = Download new ruleset
WARNING: untranslated string: download pkcs12 file = Download PKCS12 file
WARNING: untranslated string: download root certificate = Download root certificate
WARNING: untranslated string: download tls-auth key = Download tls-auth key
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: empty = This field may be left blank
WARNING: untranslated string: empty profile = empty
WARNING: untranslated string: enable ignore filter = Enable ignore filter
WARNING: untranslated string: enabled = Enabled:
+WARNING: untranslated string: enabled on = Enabled on
WARNING: untranslated string: encapsulation = Encapsulation
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: end address = End address:
WARNING: untranslated string: idle = Idle
WARNING: untranslated string: idle timeout = Idle timeout (mins; 0 to disable):
WARNING: untranslated string: idle timeout not set = Idle timeout not set.
-WARNING: untranslated string: ids log viewer = IDS log viewer
-WARNING: untranslated string: ids logs = IDS Logs
-WARNING: untranslated string: ids rules license = To utilize Sourcefire VRT Certified Rules, you need to register on
-WARNING: untranslated string: ids rules license1 = .
-WARNING: untranslated string: ids rules license2 = Acknowledge the license, activate your account by visiting the url you got via mail. Then go to
-WARNING: untranslated string: ids rules license3 = press the "Generate code"-button and copy the 40 character Oinkcode into the field below.
-WARNING: untranslated string: ids rules update = Snort rules update
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids log viewer = IPS Log Viewer
+WARNING: untranslated string: ids logs = IPS Logs
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids rules update = Ruleset
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: iface = Iface
WARNING: untranslated string: ignore filter = Ignore filter
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: interfaces = Interfaces
WARNING: untranslated string: internet = INTERNET
-WARNING: untranslated string: intrusion detection = Intrusion Detection
-WARNING: untranslated string: intrusion detection system = Intrusion Detection System
-WARNING: untranslated string: intrusion detection system rules = intrusion detection system rules
+WARNING: untranslated string: intrusion detection = Intrusion Prevention
+WARNING: untranslated string: intrusion detection system = Intrusion Prevention System
+WARNING: untranslated string: intrusion detection system rules = Ruleset
WARNING: untranslated string: invalid broadcast ip = Invalid broadcast IP
WARNING: untranslated string: invalid characters found in pre-shared key = Invalid characters found in pre-shared key.
WARNING: untranslated string: invalid default lease time = Invalid default lease time.
WARNING: untranslated string: references = References
WARNING: untranslated string: refresh = Refresh
WARNING: untranslated string: refresh index page while connected = Refresh index.cgi page while connected
-WARNING: untranslated string: registered user rules = Sourcefire VRT rules for registered users
+WARNING: untranslated string: registered user rules = Talos VRT rules for registered users
WARNING: untranslated string: reload = reload
WARNING: untranslated string: remark = Remark
WARNING: untranslated string: remark title = Remark:
WARNING: untranslated string: smbstart = Start samba
WARNING: untranslated string: smbstop = Stop samba
WARNING: untranslated string: snat new source ip address = New source IP address
-WARNING: untranslated string: snort hits = Total of number of Intrusion rules activated for
-WARNING: untranslated string: snort working = Snort is working ... Please wait until all operations have completed successfully.
WARNING: untranslated string: socket options = Socket options
WARNING: untranslated string: software version = Software Version
WARNING: untranslated string: sort ascending = Sort ascending
WARNING: untranslated string: stopped = STOPPED
WARNING: untranslated string: subject = Subject
WARNING: untranslated string: subnet mask = Subnet Mask
-WARNING: untranslated string: subscripted user rules = Sourcefire VRT rules with subscription
+WARNING: untranslated string: subscripted user rules = Talos VRT rules with subscription
WARNING: untranslated string: summaries kept = Keep summaries for
WARNING: untranslated string: sunday = Sunday
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system = System
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: system logs = System Logs
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: unnamed = Unnamed
WARNING: untranslated string: update = Update
WARNING: untranslated string: update accelerator = Update Accelerator
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: update time = Update the time:
-WARNING: untranslated string: updates installed = Ruleset update from
WARNING: untranslated string: updxlrtr 3 months = three months
WARNING: untranslated string: updxlrtr 6 months = six months
WARNING: untranslated string: updxlrtr all files = all files ...
WARNING: untranslated string: upload a certificate request = Upload a certificate request:
WARNING: untranslated string: upload ca certificate = Upload CA certificate
WARNING: untranslated string: upload dh key = Upload Diffie-Hellman parameters
-WARNING: untranslated string: upload new ruleset = Upload new ruleset
WARNING: untranslated string: upload p12 file = Upload PKCS12 file
WARNING: untranslated string: uptime load average = Load average
WARNING: untranslated string: url filter = URL Filter
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr update notification
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: ConnSched hangup = Disconnect
WARNING: untranslated string: ConnSched reboot = Reboot
WARNING: untranslated string: ConnSched shutdown = Shutdown
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: MB read = MB read
WARNING: untranslated string: MB written = MB written
WARNING: untranslated string: MTU settings = MTU settings:
WARNING: untranslated string: Number of Countries for the pie chart = Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: Set time on boot = Force setting the system clock on boot
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: addons = Addons
WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
WARNING: untranslated string: dnsforward entries = Current entries
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: imei = IMEI
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: unblock all = Unblock all
WARNING: untranslated string: uncheck all = Uncheck all
WARNING: untranslated string: unlimited = Unlimited
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: uplink = Uplink
WARNING: untranslated string: uplink bit rate = Uplink Bit Rate
WARNING: untranslated string: upload dh key = Upload Diffie-Hellman parameters
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: download dh parameter
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr used by
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Captive clients = unknown string
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian block a host = unknown string
WARNING: untranslated string: guardian priority level = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: routing config changed = unknown string
WARNING: untranslated string: routing table = unknown string
WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: download dh parameter
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr used by
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: Captive valid for = Valid for
WARNING: untranslated string: Captive vouchervalid = Allowed time for this coupon
WARNING: untranslated string: Captive wrong ext = Uploaded file has wrong filetype
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: MTU settings = MTU settings:
WARNING: untranslated string: Number of Countries for the pie chart = Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
WARNING: untranslated string: eight hours = 8 Hours
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP)
WARNING: untranslated string: guardian priority level = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: incoming compression in bytes per second = Incoming Compression
WARNING: untranslated string: incoming overhead in bytes per second = Incoming Overhead
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: thirty minutes = 30 Minutes
WARNING: untranslated string: unblock all = Unblock all
WARNING: untranslated string: uncheck all = Uncheck all
WARNING: untranslated string: unlimited = Unlimited
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: uplink bit rate = Uplink Bit Rate
WARNING: untranslated string: vpn broken = Broken
WARNING: untranslated string: vpn connecting = CONNECTING
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr used by
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: Captive valid for = Valid for
WARNING: untranslated string: Captive vouchervalid = Allowed time for this coupon
WARNING: untranslated string: Captive wrong ext = Uploaded file has wrong filetype
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: MTU settings = MTU settings:
WARNING: untranslated string: Number of Countries for the pie chart = Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: advproxy AUTH method ntlm auth = Windows Active Directory
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
WARNING: untranslated string: dns servers = DNS Servers
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: dnssec aware = DNSSEC Aware
WARNING: untranslated string: dnssec disabled warning = WARNING: DNSSEC has been disabled
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: fifteen minutes = 15 Minutes
WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country)
WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP)
WARNING: untranslated string: guardian priority level = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: imei = IMEI
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: unblock all = Unblock all
WARNING: untranslated string: uncheck all = Uncheck all
WARNING: untranslated string: unlimited = Unlimited
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: uplink bit rate = Uplink Bit Rate
WARNING: untranslated string: upload dh key = Upload Diffie-Hellman parameters
WARNING: untranslated string: vendor = Vendor
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr update notification
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: ConnSched hangup = Disconnect
WARNING: untranslated string: ConnSched reboot = Reboot
WARNING: untranslated string: ConnSched shutdown = Shutdown
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: MB read = MB read
WARNING: untranslated string: MB written = MB written
WARNING: untranslated string: MTU settings = MTU settings:
WARNING: untranslated string: Number of Countries for the pie chart = Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs = unknown string
WARNING: untranslated string: Set time on boot = Force setting the system clock on boot
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: addons = Addons
WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
WARNING: untranslated string: dnsforward entries = Current entries
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: imei = IMEI
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
WARNING: untranslated string: system information = System Information
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: unblock all = Unblock all
WARNING: untranslated string: uncheck all = Uncheck all
WARNING: untranslated string: unlimited = Unlimited
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: uplink = Uplink
WARNING: untranslated string: uplink bit rate = Uplink Bit Rate
WARNING: untranslated string: upload dh key = Upload Diffie-Hellman parameters
WARNING: translation string unused: domain not set
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: drop output
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr update notification
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: untranslated string: ConnSched hangup = Disconnect
WARNING: untranslated string: ConnSched reboot = Reboot
WARNING: untranslated string: ConnSched shutdown = Shutdown
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Edit an existing route = Edit an existing route
WARNING: untranslated string: MB read = MB read
WARNING: untranslated string: MB written = MB written
WARNING: untranslated string: MTU settings = MTU settings:
WARNING: untranslated string: Number of Countries for the pie chart = Number of Countries for the pie chart
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: addons = Addons
WARNING: untranslated string: administrator password = Administrator password
WARNING: untranslated string: administrator username = Administrator username
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
-WARNING: untranslated string: dhcp dns key name = Key Name:
+WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
-WARNING: untranslated string: dhcp dns update algo = Algorithm:
-WARNING: untranslated string: dhcp dns update secret = Secret:
+WARNING: untranslated string: dhcp dns update algo = Algorithm
+WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: disk access per = Disk Access per
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
WARNING: untranslated string: dnat address = Firewall Interface
WARNING: untranslated string: dnsforward = DNS Forwarding
WARNING: untranslated string: dnsforward add a new entry = Add a new entry
WARNING: untranslated string: dnsforward configuration = DNS forward configuration
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward edit an entry = Edit an existing entry
WARNING: untranslated string: dnsforward entries = Current entries
WARNING: untranslated string: dnsforward forward_servers = Nameservers
WARNING: untranslated string: email testmail = Send test mail
WARNING: untranslated string: email tls = Use TLS
WARNING: untranslated string: email usemail = Activate Mail Service
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules
WARNING: untranslated string: encryption = Encryption:
WARNING: untranslated string: entropy = Entropy
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
WARNING: untranslated string: hardware support = Hardware Support
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: imei = IMEI
WARNING: untranslated string: imsi = IMSI
WARNING: untranslated string: subnet mask = Subnet Mask
WARNING: untranslated string: support donation = Support the IPFire project with your donation
WARNING: untranslated string: system has rdrand = This system has support for Intel(R) RDRAND.
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: ta key = TLS-Authentification-Key
WARNING: untranslated string: tcp more reliable = TCP (more reliable)
WARNING: untranslated string: ten minutes = 10 Minutes
WARNING: untranslated string: unblock all = Unblock all
WARNING: untranslated string: uncheck all = Uncheck all
WARNING: untranslated string: unlimited = Unlimited
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: uplink = Uplink
WARNING: untranslated string: uplink bit rate = Uplink Bit Rate
WARNING: untranslated string: upload dh key = Upload Diffie-Hellman parameters
WARNING: translation string unused: donation-link
WARNING: translation string unused: done
WARNING: translation string unused: download dh parameter
+WARNING: translation string unused: download new ruleset
WARNING: translation string unused: driver
WARNING: translation string unused: dstprt range overlaps
WARNING: translation string unused: dstprt within existing
WARNING: translation string unused: emailreportlevel
WARNING: translation string unused: enable javascript
WARNING: translation string unused: enable wildcards
-WARNING: translation string unused: enabled on
WARNING: translation string unused: enabledtitle
WARNING: translation string unused: encrypted
WARNING: translation string unused: err bk 1
WARNING: translation string unused: icmp type
WARNING: translation string unused: id
WARNING: translation string unused: ids preprocessor
+WARNING: translation string unused: ids rules license
+WARNING: translation string unused: ids rules license1
+WARNING: translation string unused: ids rules license2
+WARNING: translation string unused: ids rules license3
WARNING: translation string unused: ike encryption
WARNING: translation string unused: ike grouptype
WARNING: translation string unused: ike integrity
WARNING: translation string unused: smbreload
WARNING: translation string unused: smtphost
WARNING: translation string unused: smtpport
+WARNING: translation string unused: snort hits
+WARNING: translation string unused: snort working
WARNING: translation string unused: source ip bad
WARNING: translation string unused: source ip in use
WARNING: translation string unused: source ip or net
WARNING: translation string unused: update transcript
WARNING: translation string unused: updatedatabase
WARNING: translation string unused: updates
+WARNING: translation string unused: updates installed
WARNING: translation string unused: updates is old1
WARNING: translation string unused: updates is old2
WARNING: translation string unused: updxlrtr children
WARNING: translation string unused: updxlrtr used by
WARNING: translation string unused: upload fcdsl.o
WARNING: translation string unused: upload file
+WARNING: translation string unused: upload new ruleset
WARNING: translation string unused: upload static key
WARNING: translation string unused: upload successful
WARNING: translation string unused: upload synch.bin
WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Captive clients = unknown string
+WARNING: untranslated string: Daily = Daily
+WARNING: untranslated string: Disabled = Disabled
WARNING: untranslated string: Scan for Songs = unknown string
+WARNING: untranslated string: Weekly = Weekly
WARNING: untranslated string: bytes = unknown string
WARNING: untranslated string: crypto error = Cryptographic error
WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
+WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled
WARNING: untranslated string: dnsforward forward_servers = Nameservers
+WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules
WARNING: untranslated string: fwdfw all subnets = All subnets
WARNING: untranslated string: fwhost cust geoipgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
WARNING: untranslated string: guardian priority level = unknown string
WARNING: untranslated string: guardian service = unknown string
WARNING: untranslated string: guardian watch snort alertfile = unknown string
+WARNING: untranslated string: ids apply = Apply
+WARNING: untranslated string: ids apply ruleset changes = The ruleset changes are being applied. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids automatic rules update = Automatic Rule Update
+WARNING: untranslated string: ids download new ruleset = Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids enable = Enable Intrusion Prevention System
+WARNING: untranslated string: ids hide = Hide
+WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts
+WARNING: untranslated string: ids log hits = Total of number of activated rules for
+WARNING: untranslated string: ids monitor traffic only = Monitor traffic only
+WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces
+WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored
+WARNING: untranslated string: ids no ruleset available = No ruleset is available. Please download one first
+WARNING: untranslated string: ids oinkcode required = The selected ruleset requires a subscription or an Oinkcode
+WARNING: untranslated string: ids ruleset autoupdate in progress = Ruleset update in progress. Please wait until all operations have completed successfully...
+WARNING: untranslated string: ids ruleset settings = Ruleset Settings
+WARNING: untranslated string: ids show = Show
+WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully...
WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string
WARNING: untranslated string: info messages = unknown string
WARNING: untranslated string: interface mode = Interface
WARNING: untranslated string: ssh no active logins = No active logins
WARNING: untranslated string: ssh username = Username
WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: system is offline = The system is offline.
WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
+WARNING: untranslated string: update ruleset = Update ruleset
WARNING: untranslated string: vpn start action add = Wait for connection initiation
WARNING: untranslated string: vpn statistics n2n = unknown string
WARNING: untranslated string: vpn wait = WAITING
< dhcp server enabled on blue interface
< dh name is invalid
< done
+< emerging pro rules
< emerging rules
< g.dtm
< g.lite
< guardian
+< ids hide
+< ids rules update
+< ids show
< insert removable device
< interface mode
< notes
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< dead peer detection
< default
< default ip
< dh key warn1
< dh name is invalid
< dh parameter
+< Disabled
< dl client arch insecure
< dnat address
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
< email text
< email tls
< email usemail
+< emerging pro rules
< emerging rules
< encryption
< entropy
< grouptype
< guardian
< hardware support
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< imei
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
< integrity
< interface mode
+< intrusion prevention system
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< rdns
< red1
< required field
+< runmode
< samba join a domain
< samba join domain
< search
< system has hwrng
< system has rdrand
< system information
+< system is offline
< ta key
< tcp more reliable
< ten minutes
< unblock all
< uncheck all
< unlimited
+< update ruleset
< updxlrtr sources
< updxlrtr standard view
< updxlrtr used by
< vpn statistic rw
< vpn wait
< vpn weak
+< Weekly
< wireless network
< wlanap
< wlanap configuration
# Checking cgi-bin translations for language: fr #
############################################################################
< cryptographic settings
+< Daily
< default IP address
+< Disabled
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dns forwarding dnssec disabled notice
+< emerging pro rules
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< interface mode
+< intrusion prevention system
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< ipsec settings
< local ip address
< mtu
+< runmode
< subnet mask
+< system is offline
< transport mode does not support vti
+< update ruleset
+< Weekly
############################################################################
# Checking cgi-bin translations for language: it #
############################################################################
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< default IP address
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< dhcp dns update algo
< dhcp dns update secret
+< Disabled
< dl client arch insecure
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< dnssec disabled warning
< email text
< email tls
< email usemail
+< emerging pro rules
< fifteen minutes
< firewall graph country
< firewall graph ip
< geoipblock flag
< guaranteed bandwith
< guardian
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< incoming compression in bytes per second
< incoming overhead in bytes per second
< interface mode
+< intrusion prevention system
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< pptp route
< rdns
< required field
+< runmode
< samba join a domain
< samba join domain
< search
< ssh no active logins
< ssh username
< subnet mask
+< system is offline
< tcp more reliable
< ten minutes
< thirty minutes
< unblock all
< uncheck all
< unlimited
+< update ruleset
< uplink bit rate
< vpn broken
< vpn connecting
< vpn statistic rw
< vpn wait
< vpn weak
+< Weekly
< wireless network
< wlanap
< wlanap configuration
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< default
< default IP address
< dh
< dh key warn1
< dh name is invalid
< dh parameter
+< Disabled
< dl client arch insecure
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
< dnssec aware
< email text
< email tls
< email usemail
+< emerging pro rules
< fifteen minutes
< firewall graph country
< firewall graph ip
< geoipblock enable feature
< geoipblock flag
< guardian
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< imei
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
< interface mode
+< intrusion prevention system
< invalid input for inactivity timeout
< invalid input for interface address
< invalid input for interface mode
< random number generator daemon
< rdns
< required field
+< runmode
< samba join a domain
< samba join domain
< search
< ssh no active logins
< ssh username
< subnet mask
+< system is offline
< ta key
< tcp more reliable
< ten minutes
< unblock all
< uncheck all
< unlimited
+< update ruleset
< uplink bit rate
< upload dh key
< vendor
< vpn statistic rw
< vpn wait
< vpn weak
+< Weekly
< wireless network
< wlanap
< wlanap configuration
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< dead peer detection
< default
< default ip
< dh key warn1
< dh name is invalid
< dh parameter
+< Disabled
< dl client arch insecure
< dnat address
< dnsforward
< dnsforward add a new entry
< dnsforward configuration
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
< email text
< email tls
< email usemail
+< emerging pro rules
< emerging rules
< encryption
< entropy
< grouptype
< guardian
< hardware support
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< imei
< imsi
< incoming compression in bytes per second
< incoming overhead in bytes per second
< integrity
< interface mode
+< intrusion prevention system
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< rdns
< red1
< required field
+< runmode
< samba join a domain
< samba join domain
< search
< support donation
< system has hwrng
< system has rdrand
+< system is offline
< ta key
< tcp more reliable
< ten minutes
< unblock all
< uncheck all
< unlimited
+< update ruleset
< updxlrtr sources
< updxlrtr standard view
< updxlrtr used by
< vpn statistic rw
< vpn wait
< vpn weak
+< Weekly
< wireless network
< wlanap
< wlanap configuration
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< day-graph
< dead peer detection
< default
< dh key warn1
< dh name is invalid
< dh parameter
+< Disabled
< disk access per
< dl client arch insecure
< dnat address
< dnsforward add a new entry
< dnsforward configuration
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward edit an entry
< dnsforward entries
< dnsforward forward_servers
< email text
< email tls
< email usemail
+< emerging pro rules
< emerging rules
< encryption
< entropy
< guardian
< hardware support
< hour-graph
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< imei
< imsi
< incoming compression in bytes per second
< incoming traffic in bytes per second
< integrity
< interface mode
+< intrusion prevention system
< invalid input for dpd delay
< invalid input for dpd timeout
< invalid input for inactivity timeout
< rdns
< red1
< required field
+< runmode
< samba join a domain
< samba join domain
< search
< support donation
< system has hwrng
< system has rdrand
+< system is offline
< ta key
< tcp more reliable
< ten minutes
< unblock all
< uncheck all
< unlimited
+< update ruleset
< updxlrtr sources
< updxlrtr standard view
< updxlrtr used by
< vpn wait
< vpn weak
< week-graph
+< Weekly
< wireless network
< wlanap
< wlanap configuration
< crypto error
< cryptographic settings
< crypto warning
+< Daily
< default IP address
+< Disabled
< dns forward disable dnssec
+< dnsforward dnssec disabled
< dnsforward forward_servers
< dns forwarding dnssec disabled notice
+< emerging pro rules
< fwdfw all subnets
+< ids apply
+< ids apply ruleset changes
+< ids automatic rules update
+< ids download new ruleset
+< ids enable
+< ids hide
+< ids ignored hosts
+< ids log hits
+< ids monitored interfaces
+< ids monitor traffic only
+< ids no network zone
+< ids no ruleset available
+< ids oinkcode required
+< ids ruleset autoupdate in progress
+< ids ruleset settings
+< ids show
+< ids working
< interface mode
+< intrusion prevention system
< invalid input for interface address
< invalid input for interface mode
< invalid input for interface mtu
< ovpn error dh
< ovpn error md5
< ovpn warning rfc3280
+< runmode
< ssh active sessions
< ssh login time
< ssh no active logins
< ssh username
< subnet mask
+< system is offline
< transport mode does not support vti
+< update ruleset
< vpn start action add
< vpn wait
+< Weekly
< wlanap neighbor scan
< wlanap neighbor scan warning
require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
+require "${General::swroot}/ids-functions.pl";
my $configfwdfw = "${General::swroot}/firewall/config";
my $configinput = "${General::swroot}/firewall/input";
# Rebuild configuration file if needed
&BuildConfiguration;
+
+ # Handle suricata related actions.
+ &HandleSuricata();
}
ERROR: # Leave the faulty field untouched
# Rebuild configuration file
&BuildConfiguration;
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
if ($settings{'ACTION'} eq $Lang::tr{'add'}) {
&SortDataFile; # sort newly added/modified entry
&BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
##
## if entering data line is repetitive, choose here to not erase fields between each addition
&General::log($Lang::tr{'ip alias removed'});
&BuildConfiguration; # then re-build conf which use new data
+
+ # Handle Suricata related actions.
+ &HandleSuricata();
}
system '/usr/local/bin/setaliases';
}
+#
+## Handle Suricata related actions.
+#
+sub HandleSuricata() {
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Re-generate file which contains the HOME_NET declaration.
+ &IDS::generate_home_net_file();
+
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ }
+}
Arne Fitzenreiter,
Christian Schmidt,
Alexander Marx,
-Matthias Fischer,
Stefan Schantl,
+Matthias Fischer,
Jan Paul Tücking,
Jonatan Schlag,
-Erik Kapfer,
Peter Müller,
+Erik Kapfer,
Dirk Wagner,
Marcel Lorenz,
Alf Høgemark,
$cgiparams{'ZONE'} = $temp[1];
$cgiparams{'FORWARD_SERVERS'} = join(",", split(/\|/, $temp[2]));
$cgiparams{'REMARK'} = $temp[3];
- $cgiparams{'DISABLE_DNSSEC'} = $temp[4];
+ $cgiparams{'DISABLE_DNSSEC'} = ($temp[4] eq "on") ? "on" : "off";
}
}
}
</tr>
<tr>
<td width ='20%' class='base'>$Lang::tr{'dns forward disable dnssec'}:</td>
- <td><input type='checkbox' name='DISABLE_DNSSEC' $checked{'DISABLE_DNSSEC'}' /></td>
+ <td><input type='checkbox' name='DISABLE_DNSSEC' $checked{'DISABLE_DNSSEC'}{'on'} /></td>
</tr>
</table>
<br>
<td class='base'>$Lang::tr{'edit'}</td>
<td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
+ <td> <span style="background-color: $Header::colourred"> </span></td>
+ <td class='base'>$Lang::tr{'dnsforward dnssec disabled'}</td>
</tr>
</table>
END
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
-use File::Copy;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
-
-sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";&Header::closebox();}
-
-$a = new CGI;
+require "${General::swroot}/ids-functions.pl";
my %color = ();
my %mainsettings = ();
+my %idsrules = ();
+my %idssettings=();
+my %rulessettings=();
+my %rulesetsources = ();
+my %cgiparams=();
+my %checked=();
+my %selected=();
+my %ignored=();
+
+# Read-in main settings, for language, theme and colors.
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-my %snortsettings=();
-my %checked=();
-my %selected=();
-my %netsettings=();
-our $errormessage = '';
-our $results = '';
-our $tempdir = '';
-our $url='';
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+# Get the available network zones, based on the config type of the system and store
+# the list of zones in an array.
+my @network_zones = &IDS::get_available_network_zones();
+
+my $errormessage;
+
+# Create files if they does not exist yet.
+&IDS::check_and_create_filelayout();
+
+# Hash which contains the colour code of a network zone.
+my %colourhash = (
+ 'red' => $Header::colourred,
+ 'green' => $Header::colourgreen,
+ 'blue' => $Header::colourblue,
+ 'orange' => $Header::colourorange
+);
&Header::showhttpheaders();
-$snortsettings{'ENABLE_SNORT'} = 'off';
-$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
-$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
-$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
-$snortsettings{'ACTION'} = '';
-$snortsettings{'RULES'} = '';
-$snortsettings{'OINKCODE'} = '';
-$snortsettings{'INSTALLDATE'} = '';
-$snortsettings{'FILE'} = '';
-$snortsettings{'UPLOAD'} = '';
-
-&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
-
-####################### Added for snort rules control #################################
-my $snortrulepath; # change to "/etc/snort/rules" - maniac
-my @snortconfig;
-my $restartsnortrequired = 0;
-my %snortrules;
-my $rule = '';
-my $table1colour = '';
-my $table2colour = '';
-my $var = '';
-my $value = '';
-my $tmp = '';
-my $linkedrulefile = '';
-my $border = '';
-my $checkboxname = '';
-
-if (-e "/etc/snort/snort.conf") {
-
-
- # Open snort.conf file, read it in, close it, and re-open for writing
- open(FILE, "/etc/snort/snort.conf") or die 'Unable to read snort config file.';
- @snortconfig = <FILE>;
- close(FILE);
- open(FILE, ">/etc/snort/snort.conf") or die 'Unable to write snort config file.';
-
- my @rules = `cd /etc/snort/rules/ && ls *.rules 2>/dev/null`; # With this loop the rule might be display with correct rulepath set
- foreach (@rules) {
- chomp $_;
- my $temp = join(";",@snortconfig);
- if ( $temp =~ /$_/ ){next;}
- else { push(@snortconfig,"#include \$RULE_PATH/".$_);}
- }
-
- # Loop over each line
- foreach my $line (@snortconfig) {
- # Trim the line
- chomp $line;
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
- # Check for a line with .rules
- if ($line =~ /\.rules$/) {
- # Parse out rule file name
- $rule = $line;
- $rule =~ s/\$RULE_PATH\///i;
- $rule =~ s/ ?include ?//i;
- $rule =~ s/\#//i;
- my $snortrulepathrule = "$snortrulepath/$rule";
-
- # Open rule file and read in contents
- open(RULEFILE, "$snortrulepath/$rule") or die "Unable to read snort rule file for reading => $snortrulepath/$rule.";
- my @snortrulefile = <RULEFILE>;
- close(RULEFILE);
- open(RULEFILE, ">$snortrulepath/$rule") or die "Unable to write snort rule file for writing $snortrulepath/$rule";
+## Add/edit an entry to the ignore file.
+#
+if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq $Lang::tr{'update'})) {
- # Local vars
- my $dashlinecnt = 0;
- my $desclook = 1;
- my $snortruledesc = '';
- my %snortruledef = ();
- my $rulecnt = 1;
-
- # Loop over rule file contents
- foreach my $ruleline (@snortrulefile) {
- chomp $ruleline;
-
- # If still looking for a description
- if ($desclook) {
- # If line does not start with a # anymore, then done looking for a description
- if ($ruleline !~ /^\#/) {
- $desclook = 0;
- }
+ # Check if any input has been performed.
+ if ($cgiparams{'IGNORE_ENTRY_ADDRESS'} ne '') {
- # If see more than one dashed line, (start to) create rule file description
- if ($dashlinecnt > 1) {
- # Check for a line starting with a #
- if ($ruleline =~ /^\#/ and $ruleline !~ /^\#alert/) {
- # Create tempruleline
- my $tempruleline = $ruleline;
-
- # Strip off # and clean up line
- $tempruleline =~ s/\# ?//i;
-
- # Check for part of a description
- if ($snortruledesc eq '') {
- $snortruledesc = $tempruleline;
- } else {
- $snortruledesc .= " $tempruleline";
- }
- } else {
- # Must be done
- $desclook = 0;
- }
- }
+ # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
+ if ((!&General::validip($cgiparams{'IGNORE_ENTRY_ADDRESS'})) && (!&General::validipandmask($cgiparams{'IGNORE_ENTRY_ADDRESS'}))) {
+ $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+ }
+ } else {
+ $errormessage = "$Lang::tr{'guardian empty input'}";
+ }
- # If have a dashed line, increment count
- if ($ruleline =~ /\# ?\-+/) {
- $dashlinecnt++;
- }
- } else {
- # Parse out rule file rule's message for display
- if ($ruleline =~ /(msg\:\"[^\"]+\";)/) {
- my $msg = '';
- $msg = $1;
- $msg =~ s/msg\:\"//i;
- $msg =~ s/\";//i;
- $snortruledef{$rulecnt}{'Description'} = $msg;
-
- # Check for 'Save' and rule file displayed in query string
- if (($snortsettings{'ACTION'} eq $Lang::tr{'update'}) && ($ENV{'QUERY_STRING'} =~ /$rule/i)) {
- # Check for a disable rule which is now enabled, or an enabled rule which is now disabled
- if ((($ruleline =~ /^\#/) && (exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"})) || (($ruleline !~ /^\#/) && (!exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"}))) {
- $restartsnortrequired = 1;
- }
-
- # Strip out leading # from rule line
- $ruleline =~ s/\# ?//i;
-
- # Check if it does not exists (which means it is disabled), append a #
- if (!exists $snortsettings{"SNORT_RULE_$rule\_$rulecnt"}) {
- $ruleline = "#"." $ruleline";
- }
- }
-
- # Check if ruleline does not begin with a #, so it is enabled
- if ($ruleline !~ /^\#/) {
- $snortruledef{$rulecnt++}{'State'} = 'Enabled';
- } else {
- # Otherwise it is disabled
- $snortruledef{$rulecnt++}{'State'} = 'Disabled';
- }
- }
- }
+ # Go further if there was no error.
+ if ($errormessage eq '') {
+ my %ignored = ();
+ my $id;
+ my $status;
- # Print ruleline to RULEFILE
- print RULEFILE "$ruleline\n";
- }
+ # Assign hash values.
+ my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
+ my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
- # Close RULEFILE
- close(RULEFILE);
+ # Read-in ignoredfile.
+ &General::readhasharray($IDS::ignored_file, \%ignored);
- # Check for 'Save'
- if ($snortsettings{'ACTION'} eq $Lang::tr{'update'}) {
- # Check for a disable rule which is now enabled, or an enabled rule which is now disabled
- if ((($line =~ /^\#/) && (exists $snortsettings{"SNORT_RULE_$rule"})) || (($line !~ /^\#/) && (!exists $snortsettings{"SNORT_RULE_$rule"}))) {
- $restartsnortrequired = 1;
- }
+ # Check if we should edit an existing entry and got an ID.
+ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
+ # Assin the provided id.
+ $id = $cgiparams{'ID'};
- # Strip out leading # from rule line
- $line =~ s/\# ?//i;
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
- # Check if it does not exists (which means it is disabled), append a #
- if (!exists $snortsettings{"SNORT_RULE_$rule"}) {
- $line = "# $line";
- }
+ # Grab the configured status of the corresponding entry.
+ $status = $ignored{$id}[2];
+ } else {
+ # Each newly added entry automatically should be enabled.
+ $status = "enabled";
- }
+ # Generate the ID for the new entry.
+ #
+ # Sort the keys by their ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %ignored;
- # Check for rule state
- if ($line =~ /^\#/) {
- $snortrules{$rule}{"State"} = "Disabled";
- } else {
- $snortrules{$rule}{"State"} = "Enabled";
- }
+ # Reverse the key array.
+ my @reversed = reverse(@keys);
- # Set rule description
- $snortrules{$rule}{"Description"} = $snortruledesc;
+ # Obtain the last used id.
+ my $last_id = @reversed[0];
- # Loop over sorted rules
- foreach my $ruledef (sort {$a <=> $b} keys(%snortruledef)) {
- $snortrules{$rule}{"Definition"}{$ruledef}{'Description'} = $snortruledef{$ruledef}{'Description'};
- $snortrules{$rule}{"Definition"}{$ruledef}{'State'} = $snortruledef{$ruledef}{'State'};
- }
+ # Increase the last id by one and use it as id for the new entry.
+ $id = ++$last_id;
+ }
+
+ # Add/Modify the entry to/in the ignored hash.
+ $ignored{$id} = ["$new_entry_address", "$new_entry_remark", "$status"];
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($IDS::ignored_file, \%ignored);
+
+ # Regenerate the ignore file.
+ &IDS::generate_ignore_file();
+ }
- $snortruledesc = '';
- print FILE "$line\n";
- } elsif ($line =~ /var RULE_PATH/) {
- ($tmp, $tmp, $snortrulepath) = split(' ', $line);
- print FILE "$line\n";
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
+ }
+
+## Toggle Enabled/Disabled for an existing entry on the ignore list.
+#
+
+} elsif ($cgiparams{'WHITELIST'} eq $Lang::tr{'toggle enable disable'}) {
+ my %ignored = ();
+
+ # Only go further, if an ID has been passed.
+ if ($cgiparams{'ID'}) {
+ # Assign the given ID.
+ my $id = $cgiparams{'ID'};
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Read-in ignoredfile.
+ &General::readhasharray($IDS::ignored_file, \%ignored);
+
+ # Grab the configured status of the corresponding entry.
+ my $status = $ignored{$id}[2];
+
+ # Switch the status.
+ if ($status eq "disabled") {
+ $status = "enabled";
} else {
- print FILE "$line\n";
+ $status = "disabled";
+ }
+
+ # Modify the status of the existing entry.
+ $ignored{$id} = ["$ignored{$id}[0]", "$ignored{$id}[1]", "$status"];
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($IDS::ignored_file, \%ignored);
+
+ # Regenerate the ignore file.
+ &IDS::generate_ignore_file();
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
}
}
- close(FILE);
- if ($restartsnortrequired) {
- system('/usr/local/bin/snortctrl restart >/dev/null');
+## Remove entry from ignore list.
+#
+} elsif ($cgiparams{'WHITELIST'} eq $Lang::tr{'remove'}) {
+ my %ignored = ();
+
+ # Read-in ignoredfile.
+ &General::readhasharray($IDS::ignored_file, \%ignored);
+
+ # Drop entry from the hash.
+ delete($ignored{$cgiparams{'ID'}});
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Write the changed ignored hash to the ignored file.
+ &General::writehasharray($IDS::ignored_file, \%ignored);
+
+ # Regenerate the ignore file.
+ &IDS::generate_ignore_file();
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
}
}
-####################### End added for snort rules control #################################
+# Check if the page is locked, in this case, the ids_page_lock_file exists.
+if (-e $IDS::ids_page_lock_file) {
+ # Lock the webpage and print notice about autoupgrade of the ruleset
+ # is in progess.
+ &working_notice("$Lang::tr{'ids ruleset autoupdate in progress'}");
-if ($snortsettings{'OINKCODE'} ne "") {
- $errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
+ # Loop and check if the file still exists.
+ while(-e $IDS::ids_page_lock_file) {
+ # Sleep for a second and re-check.
+ sleep 1;
+ }
+
+ # Page has been unlocked, perform a reload.
+ &reload();
}
-if (!$errormessage) {
- if ($snortsettings{'RULES'} eq 'subscripted') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
- } elsif ($snortsettings{'RULES'} eq 'registered') {
- $url=" https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
- } elsif ($snortsettings{'RULES'} eq 'community') {
- $url=" https://www.snort.org/rules/community";
- } else {
- $url="https://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
+# Check if any error has been stored.
+if (-e $IDS::storederrorfile) {
+ # Open file to read in the stored error message.
+ open(FILE, "<$IDS::storederrorfile") or die "Could not open $IDS::storederrorfile. $!\n";
+
+ # Read the stored error message.
+ $errormessage = <FILE>;
+
+ # Close file.
+ close (FILE);
+
+ # Delete the file, which is now not longer required.
+ unlink($IDS::storederrorfile);
+}
+
+## Grab all available rules and store them in the idsrules hash.
+#
+# Open rules directory and do a directory listing.
+opendir(DIR, $IDS::rulespath) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+
+ # We only want files.
+ next unless (-f "$IDS::rulespath/$file");
+
+ # Ignore empty files.
+ next if (-z "$IDS::rulespath/$file");
+
+ # Use a regular expression to find files ending in .rules
+ next unless ($file =~ m/\.rules$/);
+
+ # Ignore files which are not read-able.
+ next unless (-R "$IDS::rulespath/$file");
+
+ # Skip whitelist rules file.
+ next if( $file eq "whitelist.rules");
+
+ # Call subfunction to read-in rulefile and add rules to
+ # the idsrules hash.
+ &readrulesfile("$file");
}
- if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
- &General::writehash("${General::swroot}/snort/settings", \%snortsettings);
- if ($snortsettings{'ENABLE_SNORT'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/snort/enable");
- } else {
- unlink "${General::swroot}/snort/enable";
- }
- if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
- } else {
- unlink "${General::swroot}/snort/enable_green";
- }
- if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
- } else {
- unlink "${General::swroot}/snort/enable_blue";
+closedir(DIR);
+
+# Gather used rulefiles.
+#
+# Check if the file for activated rulefiles is not empty.
+if(-f $IDS::used_rulefiles_file) {
+ # Open the file for used rulefile and read-in content.
+ open(FILE, $IDS::used_rulefiles_file) or die "Could not open $IDS::used_rulefiles_file. $!\n";
+
+ # Read-in content.
+ my @lines = <FILE>;
+
+ # Close file.
+ close(FILE);
+
+ # Loop through the array.
+ foreach my $line (@lines) {
+ # Remove newlines.
+ chomp($line);
+
+ # Skip comments.
+ next if ($line =~ /\#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Gather rule sid and message from the ruleline.
+ if ($line =~ /.*- (.*)/) {
+ my $rulefile = $1;
+
+ # Check if the current rulefile exists in the %idsrules hash.
+ # If not, the file probably does not exist anymore or contains
+ # no rules.
+ if($idsrules{$rulefile}) {
+ # Add the rulefile state to the %idsrules hash.
+ $idsrules{$rulefile}{'Rulefile'}{'State'} = "on";
+ }
}
- if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
+ }
+}
+
+# Save ruleset configuration.
+if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
+ my %oldsettings;
+ my %rulesetsources;
+
+ # Read-in current (old) IDS settings.
+ &General::readhash("$IDS::rules_settings_file", \%oldsettings);
+
+ # Get all available ruleset locations.
+ &General::readhash("$IDS::rulesetsourcesfile", \%rulesetsources);
+
+ # Prevent form name from been stored in conf file.
+ delete $cgiparams{'RULESET'};
+
+ # Grab the URL based on the choosen vendor.
+ my $url = $rulesetsources{$cgiparams{'RULES'}};
+
+ # Check if the choosen vendor (URL) requires an subscription/oinkcode.
+ if ($url =~ /\<oinkcode\>/ ) {
+ # Check if an subscription/oinkcode has been provided.
+ if ($cgiparams{'OINKCODE'}) {
+ # Check if the oinkcode contains unallowed chars.
+ unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for oink code'};
+ }
} else {
- unlink "${General::swroot}/snort/enable_orange";
+ # Print an error message, that an subsription/oinkcode is required for this
+ # vendor.
+ $errormessage = $Lang::tr{'ids oinkcode required'};
}
- if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
- {
- system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
- } else {
- unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
+ }
+
+ # Go on if there are no error messages.
+ if (!$errormessage) {
+ # Store settings into settings file.
+ &General::writehash("$IDS::rules_settings_file", \%cgiparams);
+
+ # Check if the the automatic rule update hass been touched.
+ if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) {
+ # Call suricatactrl to set the new interval.
+ &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
}
- system('/usr/local/bin/snortctrl restart >/dev/null');
- }
+ # Check if a ruleset is present - if not or the source has been changed download it.
+ if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) {
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
+ }
+
+ # Check if enought free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'not enough disk space'}";
+ }
- # INSTALLMD5 is not in the form, so not retrieved by getcgihash
- &General::readhash("${General::swroot}/snort/settings", \%snortsettings);
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'ids working'}");
- if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} || $snortsettings{'ACTION'} eq $Lang::tr{'upload new ruleset'}) {
- my @df = `/bin/df -B M /var`;
- foreach my $line (@df) {
- next if $line =~ m/^Filesystem/;
- my $return;
+ # Call subfunction to download the ruleset.
+ if(&IDS::downloadruleset()) {
+ $errormessage = $Lang::tr{'could not download latest updates'};
- if ($line =~ m/dev/ ) {
- $line =~ m/^.* (\d+)M.*$/;
- my @temp = split(/ +/,$line);
- if ($1<300) {
- $errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
} else {
- if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
- &downloadrulesfile();
- sleep(3);
- $return = `cat /var/tmp/log 2>/dev/null`;
-
- } elsif ( $snortsettings{'ACTION'} eq $Lang::tr{'upload new ruleset'}) {
- my $upload = $a->param("UPLOAD");
- open UPLOADFILE, ">/var/tmp/snortrules.tar.gz";
- binmode $upload;
- while ( <$upload> ) {
- print UPLOADFILE;
- }
- close UPLOADFILE;
- }
+ # Call subfunction to launch oinkmaster.
+ &IDS::oinkmaster();
+ }
- if ($return =~ "ERROR") {
- $errormessage = "<br /><pre>".$return."</pre>";
- } else {
- system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
- sleep(2);
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to stop the IDS - because of the changed
+ # ruleset - the use has to configure it before suricata can be
+ # used again.
+ &IDS::call_suricatactrl("stop");
+ }
+
+ # Perform a reload of the page.
+ &reload();
+ }
+ }
+ }
+
+# Save ruleset.
+} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
+ # Arrays to store which rulefiles have been enabled and will be used.
+ my @enabled_rulefiles;
+
+ # Hash to store the user-enabled and disabled sids.
+ my %enabled_disabled_sids;
+
+ # Loop through the hash of idsrules.
+ foreach my $rulefile(keys %idsrules) {
+ # Check if the rulefile is enabled.
+ if ($cgiparams{$rulefile} eq "on") {
+ # Add rulefile to the array of enabled rulefiles.
+ push(@enabled_rulefiles, $rulefile);
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$rulefile};
+ }
+ }
+
+ # Read-in the files for enabled/disabled sids.
+ # This will be done by calling the read_enabled_disabled_sids_file function two times
+ # and merge the returned hashes together into the enabled_disabled_sids hash.
+ %enabled_disabled_sids = (
+ &read_enabled_disabled_sids_file($IDS::disabled_sids_file),
+ &read_enabled_disabled_sids_file($IDS::enabled_sids_file));
+
+ # Loop through the hash of idsrules.
+ foreach my $rulefile (keys %idsrules) {
+ # Loop through the single rules of the rulefile.
+ foreach my $sid (keys %{$idsrules{$rulefile}}) {
+ # Skip the current sid if it is not numeric.
+ next unless ($sid =~ /\d+/ );
+
+ # Check if there exists a key in the cgiparams hash for this sid.
+ if (exists($cgiparams{$sid})) {
+ # Look if the rule is disabled.
+ if ($idsrules{$rulefile}{$sid}{'State'} eq "off") {
+ # Check if the state has been set to 'on'.
+ if ($cgiparams{$sid} eq "on") {
+ # Add/Modify the sid to/in the enabled_disabled_sids hash.
+ $enabled_disabled_sids{$sid} = "enabled";
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$rulefile}{$sid};
}
}
+ } else {
+ # Look if the rule is enabled.
+ if ($idsrules{$rulefile}{$sid}{'State'} eq "on") {
+ # Check if the state is 'on' and should be disabled.
+ # In this case there is no entry
+ # for the sid in the cgiparams hash.
+ # Add/Modify it to/in the enabled_disabled_sids hash.
+ $enabled_disabled_sids{$sid} = "disabled";
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$rulefile}{$sid};
+ }
+ }
+ }
+ }
+
+ # Open enabled sid's file for writing.
+ open(ENABLED_FILE, ">$IDS::enabled_sids_file") or die "Could not write to $IDS::enabled_sids_file. $!\n";
+
+ # Open disabled sid's file for writing.
+ open(DISABLED_FILE, ">$IDS::disabled_sids_file") or die "Could not write to $IDS::disabled_sids_file. $!\n";
+
+ # Write header to the files.
+ print ENABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+ print DISABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Check if the hash for enabled/disabled files contains any entries.
+ if (%enabled_disabled_sids) {
+ # Loop through the hash.
+ foreach my $sid (keys %enabled_disabled_sids) {
+ # Check if the sid is enabled.
+ if ($enabled_disabled_sids{$sid} eq "enabled") {
+ # Print the sid to the enabled_sids file.
+ print ENABLED_FILE "enablesid $sid\n";
+ # Check if the sid is disabled.
+ } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
+ # Print the sid to the disabled_sids file.
+ print DISABLED_FILE "disablesid $sid\n";
+ # Something strange happende - skip the current sid.
+ } else {
+ next;
+ }
+ }
+ }
+
+ # Close file for enabled_sids after writing.
+ close(ENABLED_FILE);
+
+ # Close file for disabled_sids after writing.
+ close(DISABLED_FILE);
+
+ # Call function to generate and write the used rulefiles file.
+ &IDS::write_used_rulefiles_file(@enabled_rulefiles);
+
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'ids apply ruleset changes'}");
+
+ # Call oinkmaster to alter the ruleset.
+ &IDS::oinkmaster();
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
+ }
+
+ # Reload page.
+ &reload();
+
+# Download new ruleset.
+} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'update ruleset'}) {
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
+ }
+
+ # Check if enought free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'not enough disk space'}";
+ }
+
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'ids download new ruleset'}");
+
+ # Call subfunction to download the ruleset.
+ if(&IDS::downloadruleset()) {
+ $errormessage = $Lang::tr{'could not download latest updates'};
+
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
+
+ # Preform a reload of the page.
+ &reload();
+ } else {
+ # Call subfunction to launch oinkmaster.
+ &IDS::oinkmaster();
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
}
+
+ # Perform a reload of the page.
+ &reload();
}
}
+# Save IDS settings.
+} elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
+ my %oldidssettings;
+ my $reload_page;
+ my $monitored_zones = 0;
+
+ # Read-in current (old) IDS settings.
+ &General::readhash("$IDS::ids_settings_file", \%oldidssettings);
+
+ # Prevent form name from been stored in conf file.
+ delete $cgiparams{'IDS'};
+
+ # Check if the IDS should be enabled.
+ if ($cgiparams{'ENABLE_IDS'} eq "on") {
+ # Check if any ruleset is available. Otherwise abort and display an error.
+ unless(%idsrules) {
+ $errormessage = $Lang::tr{'ids no ruleset available'};
+ }
+
+ # Loop through the array of available interfaces.
+ foreach my $zone (@network_zones) {
+ # Convert interface name into upper case.
+ my $zone_upper = uc($zone);
+
+ # Check if the IDS is enabled for this interaces.
+ if ($cgiparams{"ENABLE_IDS_$zone_upper"}) {
+ # Increase count.
+ $monitored_zones++;
+ }
+ }
+
+ # Check if at least one zone should be monitored, or show an error.
+ unless ($monitored_zones >= 1) {
+ $errormessage = $Lang::tr{'ids no network zone'};
+ }
+ }
+
+ # Go on if there are no error messages.
+ if (!$errormessage) {
+ # Store settings into settings file.
+ &General::writehash("$IDS::ids_settings_file", \%cgiparams);
+ }
+
+ # Generate file to store the home net.
+ &IDS::generate_home_net_file();
+
+ # Temporary variable to set the ruleaction.
+ # Default is "drop" to use suricata as IPS.
+ my $ruleaction="drop";
+
+ # Check if the traffic only should be monitored.
+ if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
+ # Switch the ruleaction to "alert".
+ # Suricata acts as an IDS only.
+ $ruleaction="alert";
+ }
+
+ # Write the modify sid's file and pass the taken ruleaction.
+ &IDS::write_modify_sids_file($ruleaction);
+
+ # Check if "MONITOR_TRAFFIC_ONLY" has been changed.
+ if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
+ # Check if a ruleset exists.
+ if (%idsrules) {
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'ids working'}");
+
+ # Call oinkmaster to alter the ruleset.
+ &IDS::oinkmaster();
+
+ # Set reload_page to "True".
+ $reload_page="True";
+ }
+ }
+
+ # Check if the IDS currently is running.
+ if(&IDS::ids_is_running()) {
+ # Check if ENABLE_IDS is set to on.
+ if($cgiparams{'ENABLE_IDS'} eq "on") {
+ # Call suricatactrl to perform a reload of suricata.
+ &IDS::call_suricatactrl("reload");
+ } else {
+ # Call suricatactrl to stop suricata.
+ &IDS::call_suricatactrl("stop");
+ }
+ } else {
+ # Call suricatactrl to start suricata.
+ &IDS::call_suricatactrl("start");
+ }
+
+ # Check if the page should be reloaded.
+ if ($reload_page) {
+ # Perform a reload of the page.
+ &reload();
+ }
+}
+
+# Read-in idssettings and rulesetsettings
+&General::readhash("$IDS::ids_settings_file", \%idssettings);
+&General::readhash("$IDS::rules_settings_file", \%rulessettings);
+
+# If no autoupdate intervall has been configured yet, set default value.
+unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) {
+ # Set default to "weekly".
+ $rulessettings{'AUTOUPDATE_INTERVAL'} = 'weekly';
}
-$checked{'ENABLE_SNORT'}{'off'} = '';
-$checked{'ENABLE_SNORT'}{'on'} = '';
-$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
-$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
-$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
-$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
-$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
-$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
-$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
-$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
-$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
-$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
+# Read-in ignored hosts.
+&General::readhasharray("$IDS::settingsdir/ignored", \%ignored);
+
+$checked{'ENABLE_IDS'}{'off'} = '';
+$checked{'ENABLE_IDS'}{'on'} = '';
+$checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'";
+$checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = '';
+$checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = '';
+$checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
-$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
+$selected{'RULES'}{$rulessettings{'RULES'}} = "selected='selected'";
+$selected{'AUTOUPDATE_INTERVAL'}{'off'} = '';
+$selected{'AUTOUPDATE_INTERVAL'}{'daily'} = '';
+$selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = '';
+$selected{'AUTOUPDATE_INTERVAL'}{$rulessettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'";
&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
-####################### Added for snort rules control #################################
-print "<script type='text/javascript' src='/include/snortupdateutility.js'></script>";
+### Java Script ###
+print"<script>\n";
+
+# Java script variable declaration for show and hide.
+print"var show = \"$Lang::tr{'ids show'}\"\;\n";
+print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
+
print <<END
-<style type="text/css">
-<!--
-.section {
- border: groove;
-}
-.row1color {
- border: ridge;
- background-color: $color{'color22'};
-}
-.row2color {
- border: ridge;
- background-color: $color{'color20'};
-}
-.rowselected {
- border: double #FF0000;
- background-color: #DCDCDC;
-}
--->
-</style>
+ // JQuery function to show/hide the text input field for
+ // Oinkcode/Subscription code.
+ \$(function() {
+ \$('#RULES').change(function(){
+ if(\$('#RULES').val() == 'registered') {
+ \$('#code').show();
+ } else if(\$('#RULES').val() == 'subscripted') {
+ \$('#code').show();
+ } else if(\$('#RULES').val() == 'emerging_pro') {
+ \$('#code').show();
+ } else {
+ \$('#code').hide();
+ }
+ });
+ });
+
+ // Tiny java script function to show/hide the rules
+ // of a given category.
+ function showhide(tblname) {
+ \$("#" + tblname).toggle();
+
+ // Get current content of the span element.
+ var content = document.getElementById("span_" + tblname);
+
+ if (content.innerHTML === show) {
+ content.innerHTML = hide;
+ } else {
+ content.innerHTML = show;
+ }
+ }
+</script>
END
;
-####################### End added for snort rules control #################################
&Header::openbigbox('100%', 'left', '', $errormessage);
-###############
-# DEBUG DEBUG
-# &Header::openbox('100%', 'left', 'DEBUG');
-# my $debugCount = 0;
-# foreach my $line (sort keys %snortsettings) {
-# print "$line = $snortsettings{$line}<br />\n";
-# $debugCount++;
-# }
-# print " Count: $debugCount\n";
-# &Header::closebox();
-# DEBUG DEBUG
-###############
-
if ($errormessage) {
&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
print "<class name='base'>$errormessage\n";
&Header::closebox();
}
-my $return = `pidof oinkmaster.pl -x`;
-chomp($return);
-if ($return) {
- &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
+# Draw current state of the IDS
+&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
+
+# Check if the IDS is running and obtain the process-id.
+my $pid = &IDS::ids_is_running();
+
+# Display some useful information, if suricata daemon is running.
+if ($pid) {
+ # Gather used memory.
+ my $memory = &get_memory_usage($pid);
+
print <<END;
- <table>
- <tr><td>
- <img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />
- <td>
- $Lang::tr{'snort working'}
- <tr><td colspan='2' align='center'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
- </form>
- <tr><td colspan='2' align='left'><pre>
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
+ </tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
+ </tr>
+
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
+ </tr>
+
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color22'}' align='center'>$pid</td>
+ <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
+ </tr>
+ </table>
END
- my @output = `tail -20 /var/tmp/log`;
- foreach (@output) {
- print "$_";
- }
+} else {
+ # Otherwise display a hint that the service is not launched.
print <<END;
- </pre>
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
+ </tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
+ </tr>
</table>
END
- &Header::closebox();
- &Header::closebigbox();
- &Header::closepage();
- exit;
- refreshpage();
}
-&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
+# Only show this area, if a ruleset is present.
+if (%idsrules) {
+
+ print <<END
+
+ <br><br><h2>$Lang::tr{'settings'}</h2>
+
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%' border='0'>
+ <tr>
+ <td class='base' colspan='2'>
+ <input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}> $Lang::tr{'ids enable'}
+ </td>
+
+ <td class='base' colspan='2'>
+ <input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}> $Lang::tr{'ids monitor traffic only'}
+ </td>
+ </tr>
+
+ <tr>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ </tr>
+
+ <tr>
+ <td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td>
+ </tr>
+
+ <tr>
+END
+;
+
+ # Loop through the array of available networks and print config options.
+ foreach my $zone (@network_zones) {
+ my $checked_input;
+ my $checked_forward;
+
+ # Convert current zone name to upper case.
+ my $zone_upper = uc($zone);
+
+ # Set zone name.
+ my $zone_name = $zone;
+
+ # Dirty hack to get the correct language string for the red zone.
+ if ($zone eq "red") {
+ $zone_name = "red1";
+ }
+
+ # Grab checkbox status from settings hash.
+ if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") {
+ $checked_input = "checked = 'checked'";
+ }
+
+ print "<td class='base' width='25%'>\n";
+ print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n";
+ print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n";
+ print "</td>\n";
+ }
+
print <<END
-<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
-<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
+ </tr>
+ </table>
+
+ <br><br>
+
+ <table width='100%'>
+ <tr>
+ <td align='right'><input type='submit' name='IDS' value='$Lang::tr{'save'}' /></td>
+ </tr>
+ </table>
+ </form>
END
;
-if ($netsettings{'BLUE_DEV'} ne '') {
- print " <input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} /> BLUE Snort";
-}
-if ($netsettings{'ORANGE_DEV'} ne '') {
- print " <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
+
}
- print " <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
+
+&Header::closebox();
+
+# Draw elements for ruleset configuration.
+&Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'});
print <<END
-</td></tr>
-<tr>
- <td><br><br></td>
-</tr>
-<tr>
- <td><b>$Lang::tr{'ids rules update'}</b></td>
-</tr>
-<tr>
- <td><select name='RULES'>
- <option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%' border='0'>
+ <tr>
+ <td><b>$Lang::tr{'ids rules update'}</b></td>
+ <td><b>$Lang::tr{'ids automatic rules update'}</b></td>
+ </tr>
+
+ <tr>
+ <td><select name='RULES' id='RULES'>
<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
+ <option value='emerging_pro' $selected{'RULES'}{'emerging_pro'} >$Lang::tr{'emerging pro rules'}</option>
<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
</select>
- </td>
-</tr>
-<tr>
- <td><br />
- $Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
- $Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
- </td>
-</tr>
-<tr>
- <td nowrap='nowrap'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
-</tr>
-<tr>
- <td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
+ </td>
+
+ <td>
+ <select name='AUTOUPDATE_INTERVAL'>
+ <option value='off' $selected{'AUTOUPDATE_INTERVAL'}{'off'} >- $Lang::tr{'Disabled'} -</option>
+ <option value='daily' $selected{'AUTOUPDATE_INTERVAL'}{'daily'} >$Lang::tr{'Daily'}</option>
+ <option value='weekly' $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} >$Lang::tr{'Weekly'}</option>
+ </select>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan='2'><br><br></td>
+ </tr>
+
+ <tr style='display:none' id='code'>
+ <td colspan='2'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$rulessettings{'OINKCODE'}'></td>
+ </tr>
+
+ <tr>
+ <td> </td>
+
+ <td align='right'>
END
;
-if ( -e "/var/tmp/snortrules.tar.gz"){
- my @Info = stat("/var/tmp/snortrules.tar.gz");
- $snortsettings{'INSTALLDATE'} = localtime($Info[9]);
-}
-print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
+ # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled.
+ if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) {
+ # Display button to update the ruleset.
+ print"<input type='submit' name='RULESET' value='$Lang::tr{'update ruleset'}'>\n";
+ }
+print <<END;
+ <input type='submit' name='RULESET' value='$Lang::tr{'save'}'>
+ </td>
-print <<END
-</tr>
-</table>
-<br><br>
-<table width='100%'>
-<tr>
- <td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
-</tr>
-</table>
+ </tr>
+ </table>
</form>
END
;
-if ($results ne '') {
- print "$results";
-}
+&Header::closebox();
+
+#
+# Whitelist / Ignorelist
+#
+&Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'});
+
+print <<END;
+ <table width='100%'>
+ <tr>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td>
+ <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
+ </tr>
+END
+ # Check if some hosts have been added to be ignored.
+ if (keys (%ignored)) {
+ my $col = "";
+
+ # Loop through all entries of the hash.
+ while( (my $key) = each %ignored) {
+ # Assign data array positions to some nice variable names.
+ my $address = $ignored{$key}[0];
+ my $remark = $ignored{$key}[1];
+ my $status = $ignored{$key}[2];
+
+ # Check if the key (id) number is even or not.
+ if ($cgiparams{'ID'} eq $key) {
+ $col="bgcolor='${Header::colouryellow}'";
+ } elsif ($key % 2) {
+ $col="bgcolor='$color{'color22'}'";
+ } else {
+ $col="bgcolor='$color{'color20'}'";
+ }
+
+ # Choose icon for the checkbox.
+ my $gif;
+ my $gdesc;
+
+ # Check if the status is enabled and select the correct image and description.
+ if ($status eq 'enabled' ) {
+ $gif = 'on.gif';
+ $gdesc = $Lang::tr{'click to disable'};
+ } else {
+ $gif = 'off.gif';
+ $gdesc = $Lang::tr{'click to enable'};
+ }
+
+print <<END;
+ <tr>
+ <td width='20%' class='base' $col>$address</td>
+ <td width='65%' class='base' $col>$remark</td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'toggle enable disable'}' />
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
+ <input type='hidden' name='ID' value='$key' />
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'edit'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
+ <input type='hidden' name='ID' value='$key' />
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'>
+ <input type='hidden' name='ID' value='$key'>
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'remove'}'>
+ </form>
+ </td>
+ </tr>
+END
+ }
+ } else {
+ # Print notice that currently no hosts are ignored.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
+ }
+
+ print "</table>\n";
+
+ # Section to add new elements or edit existing ones.
+print <<END;
+ <br>
+ <hr>
+ <br>
+
+ <div align='center'>
+ <table width='100%'>
+END
+
+ # Assign correct headline and button text.
+ my $buttontext;
+ my $entry_address;
+ my $entry_remark;
+
+ # Check if an ID (key) has been given, in this case an existing entry should be edited.
+ if ($cgiparams{'ID'} ne '') {
+ $buttontext = $Lang::tr{'update'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
+
+ # Grab address and remark for the given key.
+ $entry_address = $ignored{$cgiparams{'ID'}}[0];
+ $entry_remark = $ignored{$cgiparams{'ID'}}[1];
+ } else {
+ $buttontext = $Lang::tr{'add'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
+ }
+
+print <<END;
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
+ <tr>
+ <td width='30%'>$Lang::tr{'ip address'}: </td>
+ <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
+
+ <td width='30%'>$Lang::tr{'remark'}: </td>
+ <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+ <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
+ </tr>
+ </form>
+ </table>
+ </div>
+END
&Header::closebox();
-####################### Added for snort rules control #################################
-if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
- # Output display table for rule files
- print "<table width='100%'><tr><td valign='top'><table>";
+# Only show the section for configuring the ruleset if one is present.
+if (%idsrules) {
+ # Load neccessary perl modules for file stat and to format the timestamp.
+ use File::stat;
+ use POSIX qw( strftime );
- print "<form method='post'>";
+ # Call stat on the rulestarball.
+ my $stat = stat("$IDS::rulestarball");
- # Local vars
- my $ruledisplaycnt = 1;
- my $rulecnt = keys %snortrules;
- $rulecnt++;
- $rulecnt = $rulecnt / 2;
+ # Get timestamp the file creation.
+ my $mtime = $stat->mtime;
- # Loop over each rule file
- foreach my $rulefile (sort keys(%snortrules)) {
- my $rulechecked = '';
+ # Convert into human read-able format.
+ my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
- # Hide inkompatible Block rules
- if ($rulefile =~'-BLOCK.rules') {
- next;
- }
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
- # Check if reached half-way through rule file rules to start new column
- if ($ruledisplaycnt > $rulecnt) {
- print "</table></td><td valign='top'><table>";
- $ruledisplaycnt = 0;
- }
+ print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
+
+ # Output display table for rule files
+ print "<table width='100%'>\n";
+
+ # Loop over each rule file
+ foreach my $rulefile (sort keys(%idsrules)) {
+ my $rulechecked = '';
# Check if rule file is enabled
- if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
+ if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') {
$rulechecked = 'CHECKED';
}
- # Create rule file link, vars array, and display flag
- my $rulefilelink = "?RULEFILE=$rulefile";
- my $rulefiletoclose = '';
- my @queryvars = ();
- my $displayrulefilerules = 0;
-
- # Check for passed in query string
- if ($ENV{'QUERY_STRING'}) {
- # Split out vars
- @queryvars = split(/\&/, $ENV{'QUERY_STRING'});
-
- # Loop over values
- foreach $value (@queryvars) {
- # Split out var pairs
- ($var, $linkedrulefile) = split(/=/, $value);
-
- # Check if var is 'RULEFILE'
- if ($var eq 'RULEFILE') {
- # Check if rulefile equals linkedrulefile
- if ($rulefile eq $linkedrulefile) {
- # Set display flag
- $displayrulefilerules = 1;
-
- # Strip out rulefile from rulefilelink
- $rulefilelink =~ s/RULEFILE=$linkedrulefile//g;
- } else {
- # Add linked rule file to rulefilelink
- $rulefilelink .= "&RULEFILE=$linkedrulefile";
- }
- }
- }
- }
+ # Convert rulefile name into category name.
+ my $categoryname = &_rulefile_to_category($rulefile);
- # Strip out extra & & ? from rulefilelink
- $rulefilelink =~ s/^\?\&/\?/i;
+ # Table and rows for the rule files.
+ print"<tr>\n";
+ print"<td class='base' width='5%'>\n";
+ print"<input type='checkbox' name='$rulefile' $rulechecked>\n";
+ print"</td>\n";
+ print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
+ print"<td class='base' width='5%' align='right'>\n";
+ print"<a href=\"javascript:showhide('$categoryname')\"><span id='span_$categoryname'>$Lang::tr{'ids show'}</span></a>\n";
+ print"</td>\n";
+ print"</tr>\n";
- # Check for a single '?' and replace with page for proper link display
- if ($rulefilelink eq '?') {
- $rulefilelink = "ids.cgi";
- }
-
- # Output rule file name and checkbox
- print "<tr><td class='base' valign='top'><input type='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <a href='$rulefilelink'>$rulefile</a></td></tr>";
- print "<tr><td class='base' valign='top'>";
+ # Rows which will be hidden per default and will contain the single rules.
+ print"<tr style='display:none' id='$categoryname'>\n";
+ print"<td colspan='3'>\n";
- # Check for empty 'Description'
- if ($snortrules{$rulefile}{'Description'} eq '') {
- print "<table width='100%'><tr><td class='base'>No description available</td></tr>";
- } else {
- # Output rule file 'Description'
- print "<table width='100%'><tr><td class='base'>$snortrules{$rulefile}{'Description'}</td></tr>";
- }
+ # Local vars
+ my $lines;
+ my $rows;
+ my $col;
- # Check for display flag
- if ($displayrulefilerules) {
- # Rule file definition rule display
- print "<tr><td class='base' valign='top'><table border='0'><tr>";
+ # New table for the single rules.
+ print "<table width='100%'>\n";
+ # Loop over rule file rules
+ foreach my $sid (sort {$a <=> $b} keys(%{$idsrules{$rulefile}})) {
# Local vars
- my $ruledefdisplaycnt = 0;
- my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}};
- $ruledefcnt++;
- $ruledefcnt = $ruledefcnt / 2;
-
- # Loop over rule file rules
- foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) {
- # Local vars
- my $ruledefchecked = '';
-
- # If have display 2 rules, start new row
- if (($ruledefdisplaycnt % 2) == 0) {
- print "</tr><tr>";
- $ruledefdisplaycnt = 0;
- }
+ my $ruledefchecked = '';
- # Check for rules state
- if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') {
- $ruledefchecked = 'CHECKED';
- }
+ # Skip rulefile itself.
+ next if ($sid eq "Rulefile");
- # Create rule file rule's checkbox
- $checkboxname = "SNORT_RULE_$rulefile";
- $checkboxname .= "_$ruledef";
- print "<td class='base'><input type='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</td>";
+ # If 2 rules have been displayed, start a new row
+ if (($lines % 2) == 0) {
+ print "</tr><tr>\n";
- # Increment count
- $ruledefdisplaycnt++;
+ # Increase rows by once.
+ $rows++;
}
- # If do not have second rule for row, create empty cell
- if (($ruledefdisplaycnt % 2) != 0) {
- print "<td class='base'></td>";
+ # Colour lines.
+ if ($rows % 2) {
+ $col="bgcolor='$color{'color20'}'";
+ } else {
+ $col="bgcolor='$color{'color22'}'";
}
- # Close display table
- print "</tr></table></td></tr>";
- }
+ # Set rule state
+ if ($idsrules{$rulefile}{$sid}{'State'} eq 'on') {
+ $ruledefchecked = 'CHECKED';
+ }
- # Close display table
- print "</table>";
+ # Create rule checkbox and display rule description
+ print "<td class='base' width='5%' align='right' $col>\n";
+ print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
+ print "</td>\n";
+ print "<td class='base' width='45%' $col>$idsrules{$rulefile}{$sid}{'Description'}</td>";
- # Increment ruledisplaycnt
- $ruledisplaycnt++;
+ # Increment rule count
+ $lines++;
+ }
+
+ # If do not have a second rule for row, create empty cell
+ if (($lines % 2) != 0) {
+ print "<td class='base'></td>";
+ }
+
+ # Close display table
+ print "</tr></table></td></tr>";
}
- print "</td></tr></table></td></tr></table>";
- print <<END
+
+ # Close display table
+ print "</table>";
+
+print <<END
<table width='100%'>
<tr>
- <td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
- <!-- space for future online help link -->
- </td>
+ <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'></td>
</tr>
</table>
</form>
&Header::closebox();
}
-####################### End added for snort rules control #################################
&Header::closebigbox();
&Header::closepage();
-sub downloadrulesfile {
- my $peer;
- my $peerport;
+#
+## A function to display a notice, to lock the webpage and
+## tell the user which action currently will be performed.
+#
+sub working_notice ($) {
+ my ($message) = @_;
+
+ &Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
+ &Header::openbigbox('100%', 'left', '', $errormessage);
+ &Header::openbox( 'Waiting', 1,);
+ print <<END;
+ <table>
+ <tr>
+ <td><img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' /></td>
+ <td>$message</td>
+ </tr>
+ </table>
+END
+ &Header::closebox();
+ &Header::closebigbox();
+ &Header::closepage();
+}
- unlink("/var/tmp/log");
+#
+## A tiny function to perform a reload of the webpage after one second.
+#
+sub reload () {
+ print "<meta http-equiv='refresh' content='1'>\n";
- unless (-e "${General::swroot}/red/active") {
- $errormessage = $Lang::tr{'could not download latest updates'};
- return undef;
+ # Stop the script.
+ exit;
+}
+
+#
+## Private function to read-in and parse rules of a given rulefile.
+#
+## The given file will be read, parsed and all valid rules will be stored by ID,
+## message/description and it's state in the idsrules hash.
+#
+sub readrulesfile ($) {
+ my $rulefile = shift;
+
+ # Open rule file and read in contents
+ open(RULEFILE, "$IDS::rulespath/$rulefile") or die "Unable to read $rulefile!";
+
+ # Store file content in an array.
+ my @lines = <RULEFILE>;
+
+ # Close file.
+ close(RULEFILE);
+
+ # Loop over rule file contents
+ foreach my $line (@lines) {
+ # Remove whitespaces.
+ chomp $line;
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Local vars.
+ my $sid;
+ my $msg;
+
+ # Gather rule sid and message from the ruleline.
+ if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
+ $msg = $1;
+ $sid = $2;
+
+ # Check if a rule has been found.
+ if ($sid && $msg) {
+ # Add rule to the idsrules hash.
+ $idsrules{$rulefile}{$sid}{'Description'} = $msg;
+
+ # Grab status of the rule. Check if ruleline starts with a "dash".
+ if ($line =~ /^\#/) {
+ # If yes, the rule is disabled.
+ $idsrules{$rulefile}{$sid}{'State'} = "off";
+ } else {
+ # Otherwise the rule is enabled.
+ $idsrules{$rulefile}{$sid}{'State'} = "on";
+ }
+ }
+ }
}
+}
- my %proxysettings=();
- &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
+#
+## Function to get the used memory of a given process-id.
+#
+sub get_memory_usage($) {
+ my ($pid) = @_;
+
+ my $memory = 0;
+
+ # Try to open the status file for the given process-id on the pseudo
+ # file system proc.
+ if (open(FILE, "/proc/$pid/status")) {
+ # Loop through the entire file.
+ while (<FILE>) {
+ # Splitt current line content and store them into variables.
+ my ($key, $value) = split(":", $_, 2);
+
+ # Check if the current key is the one which contains the memory usage.
+ # The wanted one is VmRSS which contains the Real-memory (resident set)
+ # of the entire process.
+ if ($key eq "VmRSS") {
+ # Found the memory usage add it to the memory variable.
+ $memory += $value;
+
+ # Break the loop.
+ last;
+ }
+ }
+
+ # Close file handle.
+ close(FILE);
- if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
- ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
+ # Return memory usage.
+ return $memory;
}
- if ($peer) {
- system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -e https_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
- } else {
- system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
+ # If the file could not be open, return nothing.
+ return;
+}
+
+#
+## Function to read-in the given enabled or disables sids file.
+#
+sub read_enabled_disabled_sids_file($) {
+ my ($file) = @_;
+
+ # Temporary hash to store the sids and their state. It will be
+ # returned at the end of this function.
+ my %temphash;
+
+ # Open the given filename.
+ open(FILE, "$file") or die "Could not open $file. $!\n";
+
+ # Loop through the file.
+ while(<FILE>) {
+ # Remove newlines.
+ chomp $_;
+
+ # Skip blank lines.
+ next if ($_ =~ /^\s*$/);
+
+ # Skip coments.
+ next if ($_ =~ /^\#/);
+
+ # Splitt line into sid and state part.
+ my ($state, $sid) = split(" ", $_);
+
+ # Skip line if the sid is not numeric.
+ next unless ($sid =~ /\d+/ );
+
+ # Check if the sid was enabled.
+ if ($state eq "enablesid") {
+ # Add the sid and its state as enabled to the temporary hash.
+ $temphash{$sid} = "enabled";
+ # Check if the sid was disabled.
+ } elsif ($state eq "disablesid") {
+ # Add the sid and its state as disabled to the temporary hash.
+ $temphash{$sid} = "disabled";
+ # Invalid state - skip the current sid and state.
+ } else {
+ next;
+ }
}
+
+ # Close filehandle.
+ close(FILE);
+
+ # Return the hash.
+ return %temphash;
+}
+
+#
+## Private function to convert a given rulefile to a category name.
+## ( No file extension anymore and if the name contained a dot, it
+## would be replaced by a underline sign.)
+#
+sub _rulefile_to_category($) {
+ my ($filename) = @_;
+
+ # Splitt the filename into single chunks and store them in a
+ # temorary array.
+ my @parts = split(/\./, $filename);
+
+ # Return / Remove last element of the temporary array.
+ # This removes the file extension.
+ pop @parts;
+
+ # Join together the single elements of the temporary array.
+ # If these are more than one, use a "underline" for joining.
+ my $category = join '_', @parts;
+
+ # Return the converted filename.
+ return $category;
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
print "Content-type: text/plain\n\n";
- print "IPFire IDS snort log\r\n";
+ print "IPFire IPS log\r\n";
print "Date: $cgiparams{'DAY'} $longmonths[$cgiparams{'MONTH'}]\r\n";
print "\r\n";
{
my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/);
$refs =~ s/,$//;
+
+ # Skip event if no datetime and title are available.
+ next unless (($datetime) && ($title));
+
print "Date: $datetime\n";
print "Name: $title\n";
print "Priority: $priority\n";
&Header::closebox();
&Header::openbox('100%', 'left', $Lang::tr{'log'});
-print "<p><b>$Lang::tr{'snort hits'} $longmonthstr $daystr: $lines</b></p>";
+print "<p><b>$Lang::tr{'ids log hits'} $longmonthstr $daystr: $lines</b></p>";
if ($start == -1) {
$start = $lines - ${Header::viewsize}; }
else {
print "<tr bgcolor='$color{'color22'}'><td>\n"; }
my ($datetime,$title,$priority,$classification,$srcip,$srcport,$destip,$destport,$sid,$refs) = split(/\|/);
+
+ # Only show the current event if at least datetime and title are available.
+ next unless (($datetime) && ($title));
+
print <<END
<table width='100%'>
<tr>
}
print <<END
</tr>
-</table>
+</table><br>
</td></tr>
END
;
our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs);
my $filestr='';
+ my $readmode='';
if ($datediff==0) {
- $filestr="/var/log/snort/alert";
+ # If there is no datediff, directly assign the suricata fast.log.
+ $filestr="/var/log/suricata/fast.log";
} else {
- $filestr="/var/log/snort/alert.$datediff";
- $filestr = "$filestr.gz" if -f "$filestr.gz";
+ # If there is a datediff, assign the datediff to the filestring.
+ $filestr="/var/log/suricata/fast.log.$datediff";
+
+ # The files are compressed add the extension to the filestring.
+ $filestr="$filestr.gz";
+
+ # If the file does not exist, try to fallback to legacy snort alert file.
+ unless (-f $filestr) {
+ # Assign snort alert file, the datediff and extension for compressed file.
+ $filestr = "/var/log/snort/alert.$datediff";
+ $filestr = "$filestr.gz";
+
+ # Assign "snort" as readmode.
+ $readmode="snort";
+ }
}
if (!(open (LOG,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
$errormessage="$errormessage$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}";
while(<LOG>) {
$line++;
- if ($_ =~ m/\[\*\*\]/) {
+ if (($_ =~ m/\[\*\*\]/) && ($readmode eq "snort")) {
unless ($line == 1 || $date ne "$monthstr/$daystr") {
&append;
$line = 1;
}
- ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
+ ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport,$sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
@refs = ();
$_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
$title = &Header::cleanhtml($2,"y");
+ } else {
+ &append;
+ $line = 1;
+
+ # Assign default values.
+ ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport,$sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
+ @refs = ();
+
+ # Gather title details from line.
+ $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
+ $title = &Header::cleanhtml($2,"y");
}
if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) {
$classification = &Header::cleanhtml($1,"y");
$destport = $10;
}
- if ($_ =~ m/^([0-9\/]{3,5})\-([0-9\:]{5,8})\.([0-9]{1,14})/) {
+ if ($_ =~ m/^([0-9\/]{3,10})\-([0-9\:]{5,8})\.([0-9]{1,14})/) {
($date,$time) = ($1,$2);
}
if ($_ =~ m/\[Xref \=\>.*\]/) {
}
}
$line++;
- unless ($line == 1 || $date ne "$monthstr/$daystr") { &append; }
+
+ # Split the date into single chunks.
+ my ($month, $day, $year) = split('/', $date);
+
+ # Check if all data is collected and the date of the event fits the desired date to
+ # get displayed.
+ if ($line gt 1 || "$month/$day" eq "$monthstr/$daystr") { &append; }
+
close(LOG);
}
}
'ipsec' => '(ipsec_[\w_]+: |pluto\[.*\]: |charon: |vpnwatch: )',
'kernel' => '(kernel: (?!DROP_))',
'ntp' => '(ntpd(?:ate)?\[.*\]: )',
+ 'oinkmaster' => '(oinkmaster\[.*\]: )',
'openvpn' => '(openvpnserver\[.*\]: |.*n2n\[.*\]: )',
'pakfire' => '(pakfire:)',
'red' => '(red:|pppd\[.*\]: |chat\[.*\]|pppoe\[.*\]|pptp\[.*\]|pppoa\[.*\]|pppoa3\[.*\]|pppoeci\[.*\]|ipppd|ipppd\[.*\]|kernel: ippp\d|kernel: isdn.*|ibod\[.*\]|dhcpcd\[.*\]|modem_run\[.*\])',
- 'snort' => '(snort\[.*\]: )',
+ 'suricata' => '(suricata\[.*\]: )',
'squid' => '(squid\[.*\]: |squid: )',
'ssh' => '(sshd(?:\(.*\))?\[.*\]: )',
'unbound' => '(unbound: \[.*:.*\])(.*:.*$)',
'ipsec' => 'IPSec',
'kernel' => "$Lang::tr{'kernel'}",
'ntp' => 'NTP',
+ 'oinkmaster' => 'Oinkmaster',
'openvpn' => 'OpenVPN',
'pakfire' => 'Pakfire',
'red' => 'RED',
- 'snort' => "$Lang::tr{'intrusion detection'}",
+ 'suricata' => "$Lang::tr{'intrusion detection'}",
'squid' => "$Lang::tr{'web proxy'}",
'ssh' => 'SSH',
'unbound' => 'DNS: Unbound',
$errormessage=$Lang::tr{'ccd err invalidnet'};
return;
}
-
- $errormessage=&General::checksubnets($ccdname,$ccdnet);
-
-
+
if (!$errormessage) {
my %ccdconfhash=();
$baseaddress=&General::getnetworkip($ccdip,$subcidr);
$Lang::tr{'secure shell server'} => 'sshd',
$Lang::tr{'vpn'} => 'charon',
$Lang::tr{'web proxy'} => 'squid',
+ $Lang::tr{'intrusion detection system'} => 'suricata',
'OpenVPN' => 'openvpn'
);
$Lang::tr{'vpn'} => "<a href=\'vpnmain.cgi\'>$Lang::tr{'vpn'}</a>",
$Lang::tr{'web proxy'} => "<a href=\'proxy.cgi\'>$Lang::tr{'web proxy'}</a>",
'OpenVPN' => "<a href=\'ovpnmain.cgi\'>OpenVPN</a>",
- "$Lang::tr{'intrusion detection system'} (GREEN)" => "<a href=\'ids.cgi\'>$Lang::tr{'intrusion detection system'} (GREEN)</a>",
- "$Lang::tr{'intrusion detection system'} (RED)" => "<a href=\'ids.cgi\'>$Lang::tr{'intrusion detection system'} (RED)</a>",
- "$Lang::tr{'intrusion detection system'} (ORANGE)" => "<a href=\'ids.cgi\'>$Lang::tr{'intrusion detection system'} (ORANGE)</a>",
- "$Lang::tr{'intrusion detection system'} (BLUE)" => "<a href=\'ids.cgi\'>$Lang::tr{'intrusion detection system'} (BLUE)</a>"
+ "$Lang::tr{'intrusion detection system'}" => "<a href=\'ids.cgi\'>$Lang::tr{'intrusion detection system'}</a>",
);
-my $lines=0; # Used to count the outputlines to make different bgcolor
-
-my $iface = '';
-if (open(FILE, "${General::swroot}/red/iface")){
- $iface = <FILE>;
- close FILE;
- chomp $iface;
-}
-
-$servicenames{"$Lang::tr{'intrusion detection system'} (RED)"} = "snort_${iface}";
-$servicenames{"$Lang::tr{'intrusion detection system'} (GREEN)"} = "snort_$netsettings{'GREEN_DEV'}";
+# Hash to overwrite the process name of a process if it differs fromt the launch command.
+my %overwrite_exename_hash = (
+ "suricata" => "Suricata-Main"
+);
-if ($netsettings{'ORANGE_DEV'} ne ''){
- $servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
-}
-if ($netsettings{'BLUE_DEV'} ne ''){
- $servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
-}
+my $lines=0; # Used to count the outputlines to make different bgcolor
my @querry = split(/\?/,$ENV{'QUERY_STRING'});
$querry[0] = '' unless defined $querry[0];
my $memory;
$cmd =~ /(^[a-z]+)/;
- $exename = $1;
+
+ # Check if the exename needs to be overwritten.
+ # This happens if the expected process name string
+ # differs from the real one. This may happened if
+ # a service uses multiple processes or threads.
+ if (exists($overwrite_exename_hash{$1})) {
+ # Grab the string which will be reported by
+ # the process from the corresponding hash.
+ $exename = $overwrite_exename_hash{$1};
+ } else {
+ # Directly expect the launched command as
+ # process name.
+ $exename = $1;
+ }
if (open(FILE, "/var/run/${cmd}.pid")){
$pid = <FILE>; chomp $pid;
$cgiparams{'MODE'} = "tunnel";
}
+ if ($cgiparams{'INTERFACE_MTU'} eq "") {
+ $cgiparams{'INTERFACE_MTU'} = 1500;
+ }
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
$wlanapsettings{'HTCAPS'} = '';
$wlanapsettings{'VHTCAPS'} = '';
$wlanapsettings{'NOSCAN'} = 'off';
+$wlanapsettings{'CLIENTISOLATION'} = 'off';
&General::readhash("/var/ipfire/wlanap/settings", \%wlanapsettings);
&Header::getcgihash(\%wlanapsettings);
$checked{'NOSCAN'}{'on'} = '';
$checked{'NOSCAN'}{$wlanapsettings{'NOSCAN'}} = "checked='checked'";
+$checked{'CLIENTISOLATION'}{'off'} = '';
+$checked{'CLIENTISOLATION'}{'on'} = '';
+$checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'";
+
$selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'";
$selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'";
$selected{'COUNTRY'}{$wlanapsettings{'COUNTRY'}} = "selected='selected'";
<tr><td width='25%' class='base'>SSID: </td><td class='base' colspan='3'><input type='text' name='SSID' size='30' value='$wlanapsettings{'SSID'}' /></td></tr>
<!--SSID Broadcast: on => HIDESSID: off -->
<tr><td width='25%' class='base'>SSID Broadcast: </td><td class='base' colspan='3'>on <input type='radio' name='HIDESSID' value='off' $checked{'HIDESSID'}{'off'} /> | <input type='radio' name='HIDESSID' value='on' $checked{'HIDESSID'}{'on'} /> off</td></tr>
+<tr><td width='25%' class='base'>Client Isolation: </td><td class='base' colspan='3'>on <input type='radio' name='CLIENTISOLATION' value='off' $checked{'CLIENTISOLATION'}{'off'} /> | <input type='radio' name='CLIENTISOLATION' value='on' $checked{'CLIENTISOLATION'}{'on'} /> off</td></tr>
<tr><td width='25%' class='base'>$Lang::tr{'wlanap country'}: </td><td class='base' colspan='3'>
wmm_enabled=1
ht_capab=$wlanapsettings{'HTCAPS'}
vht_capab=$wlanapsettings{'VHTCAPS'}
+vht_oper_chwidth=1
+vht_oper_centr_freq_seg0_idx=42
END
;
auth_algs=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
+disassoc_low_ack=1
END
;
if ( $wlanapsettings{'HIDESSID'} eq 'on' ){
}
+ # https://forum.ipfire.org/viewtopic.php?f=22&t=12274&p=79070#p79070
+ if ( $wlanapsettings{'CLIENTISOLATION'} eq 'on' ){
+ print CONFIGFILE <<END
+ap_isolate=1
+END
+;
+ }
+
if ( $wlanapsettings{'NOSCAN'} eq 'on' ){
print CONFIGFILE <<END
noscan=1
'ConnSched time' => 'Zeit:',
'ConnSched up' => 'Herauf',
'ConnSched weekdays' => 'Wochentage:',
+'Daily' => 'Täglich',
+'Disabled' => 'Deaktiviert',
'Edit an existing route' => 'Eine existierende Route editieren',
'Enter TOS' => 'Aktivieren oder deaktivieren Sie die TOS-Bits <br /> und klicken Sie danach auf <i>Speichern</i>.',
'Existing Files' => 'Dateien in der Datenbank',
'Utilization on' => 'Auslastung auf',
'Verbose' => 'Verbose',
'WakeOnLan' => 'Wake On LAN',
+'Weekly' => 'Wöchentlich',
'a ca certificate with this name already exists' => 'Ein CA-Zertifikat mit diesem Namen existiert bereits.',
'a connection with this common name already exists' => 'Eine Verbindung mit diesem gemeinsamen Namen existiert bereits.',
'a connection with this name already exists' => 'Eine Verbindung mit diesem Namen existiert bereits.',
'dnsforward' => 'DNS-Weiterleitung',
'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen',
'dnsforward configuration' => 'Einstellungen für DNS Weiterleitung',
+'dnsforward dnssec disabled' => 'DNSSEC-Validierung deaktiviert',
'dnsforward edit an entry' => 'Existierenden Eintrag bearbeiten',
'dnsforward entries' => 'Aktuelle Einträge',
'dnsforward forward_servers' => 'DNS-Server',
'idle' => 'Leerlauf',
'idle timeout' => 'Leerlauf-Wartezeit in Min. (0 zum Deaktivieren):',
'idle timeout not set' => 'Leerlauf-Wartezeit nicht angegeben.',
-'ids log viewer' => 'Ansicht IDS-Protokoll',
-'ids logs' => 'IDS-Protokolldateien',
-'ids preprocessor' => 'IDS-Präprozessor',
-'ids rules license' => 'Um Sourcefire VRT Zertifizierte Regeln zu nutzen, müssen Sie sich unter',
-'ids rules license1' => ' registrieren.',
-'ids rules license2' => 'Bestätigen Sie die Lizenz; aktivieren Sie Ihren Account, indem Sie auf den Link, den Sie per Mail erhalten haben, klicken. Gehen Sie dann zu',
-'ids rules license3' => 'klicken Sie den "Generate code"-Knopf und kopieren Sie den 40-Zeichen Oinkcode in das untere Feld.',
-'ids rules update' => 'Snort Regeln Update',
+'ids apply' => 'Übernehmen',
+'ids apply ruleset changes' => 'Regeländerungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
+'ids automatic rules update' => 'Automatische Regelaktualisierung',
+'ids download new ruleset' => 'Das neue Regelsatz wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
+'ids enable' => 'Intrusion-Prevention-System aktivieren',
+'ids ignored hosts' => 'Ausnahmeliste',
+'ids log hits' => 'Gesamtanzahl der aktivierten Regeln für',
+'ids log viewer' => 'Ansicht IPS-Protokoll',
+'ids logs' => 'IPS-Protokolldateien',
+'ids monitor traffic only' => 'Netzwerk-Pakete nur überprüfen',
+'ids monitored interfaces' => 'Überwachte Netzwerkzonen',
+'ids no network zone' => 'Bitte wählen Sie mindestens eine Netzwerkzone aus, die überwacht werden soll',
+'ids no ruleset available' => 'Es ist kein Regelsatz verfügbar. Bitte laden Sie einen Regelsatz herunter.',
+'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt',
+'ids ruleset autoupdate in progress' => 'Der Regelsatz wird gerade aktualisiert. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
+'ids ruleset settings' => 'Regelsatzeinstellungen',
+'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
'ignore filter' => '"Ignorieren"-Filter',
'ike encryption' => 'IKE Verschlüsselung:',
'interface' => 'Schnittstelle',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
-'intrusion detection' => 'Einbruchdetektierung',
-'intrusion detection system' => 'Einbruchsdetektierung',
-'intrusion detection system log viewer' => 'Betrachter der IDS-Protokolldateien',
-'intrusion detection system rules' => 'Regeln für die Einbruchsdetektierung',
-'intrusion detection system2' => 'Intrusion Detection System:',
+'intrusion detection' => 'Intrusion-Prevention',
+'intrusion detection system' => 'Intrusion-Prevention-System',
+'intrusion detection system log viewer' => 'Betrachter der IPS-Protokolldateien',
+'intrusion detection system rules' => 'Regelset',
+'intrusion detection system2' => 'Intrusion-Prevention-System',
+'intrusion prevention system' => 'Intrusion-Prevention-System',
'invalid broadcast ip' => 'Ungültige Broadcast-IP',
'invalid cache size' => 'Ungültige Cache-Größe.',
'invalid characters found in pre-shared key' => 'Ungültige Zeichen im Pre-Shared Schlüssel gefunden.',
'refresh' => 'Aktualisieren',
'refresh index page while connected' => 'Aktualisiere index.cgi Seite während der Verbindung',
'refresh update list' => 'Aktualisiere Update-Liste',
-'registered user rules' => 'Sourcefire VRT Regeln für registrierte Benutzer',
+'registered user rules' => 'Talos VRT Regeln für registrierte Benutzer',
'released' => 'Freigegeben',
'reload' => 'neu laden',
'remark' => 'Anmerkung',
'rsvd dst port overlap' => 'Dieser Zielportbereich überlappt mit einem Port, der für die ausschließliche Benutzung durch IPFire reserviert ist:',
'rsvd src port overlap' => 'Dieser Quellportbereich überlappt mit einem Port, der für die ausschließliche Benutzung durch IPFire reserviert ist:',
'rules already up to date' => 'Regeln sind schon aktuell',
+'runmode' => 'Runmode',
'running' => 'LÄUFT',
'safe removal of umounted device' => 'Sie können gefahrlos das abgemeldete Gerät entfernen',
'samba' => 'Samba',
'smtphost' => 'Smtp Host',
'smtpport' => 'Smtp Port',
'snat new source ip address' => 'Neue Quell-IP-Adresse',
-'snort hits' => 'Gesamtanzahl der aktivierten Intrusion-Regeln für',
-'snort working' => 'Snort führt gerade eine Aufgabe aus... Bitte warten Sie, bis diese erfolgreich beendet wurde.',
'socket options' => 'Socket Options',
'software version' => 'Software-Version',
'sort ascending' => 'Sortiere aufsteigend',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netzmaske ist ungültig',
'subnet mask' => 'Subnetzmaske',
-'subscripted user rules' => 'Sourcefire VRT Regeln mit Abonnement',
+'subscripted user rules' => 'Talos VRT Regeln mit Abonnement',
'successfully refreshed updates list' => 'Update-Liste erfolgreich aktualisiert.',
'summaries kept' => 'Zusammenfassungen aufheben für',
'sunday' => 'Sonntag',
'system has hwrng' => 'Dieses System hat einen Hardware-Zufallszahlengenerator.',
'system has rdrand' => 'Dieses System unterstützt Intel(R) RDRAND.',
'system information' => 'Systeminformationen',
+'system is offline' => 'Das System ist offline.',
'system log viewer' => 'Betrachter der Systemprotokolldateien',
'system logs' => 'Systemprotokolldateien',
'system status information' => 'System-Statusinformationen',
'unnamed' => 'Unbenannt',
'update' => 'Aktualisieren',
'update accelerator' => 'Update-Accelerator',
+'update ruleset' => 'Regelsatz aktualisieren',
'update time' => 'Aktualisiere die Uhrzeit:',
'update transcript' => 'Aktualisieren',
'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',
'ConnSched time' => 'Time:',
'ConnSched up' => 'Up',
'ConnSched weekdays' => 'Days of the week:',
+'Daily' => 'Daily',
+'Disabled' => 'Disabled',
'Edit an existing route' => 'Edit an existing route',
'Enter TOS' => 'Activate or deactivate TOS-bits <br /> and then press <i>Save</i>.',
'Existing Files' => 'Files in database',
'Utilization on' => 'Utilization on',
'Verbose' => 'Verbose:',
'WakeOnLan' => 'Wake On Lan',
+'Weekly' => 'Weekly',
'a ca certificate with this name already exists' => 'A CA certificate with this name already exists.',
'a connection with this common name already exists' => 'A connection with this common name already exists.',
'a connection with this name already exists' => 'A connection with this name already exists.',
'dhcp configuration' => 'DHCP configuration',
'dhcp create fixed leases' => 'Create fixed leases',
'dhcp dns enable update' => 'Enable DNS Update (RFC2136):',
-'dhcp dns key name' => 'Key Name:',
+'dhcp dns key name' => 'Key Name',
'dhcp dns update' => 'DNS Update',
-'dhcp dns update algo' => 'Algorithm:',
-'dhcp dns update secret' => 'Secret:',
+'dhcp dns update algo' => 'Algorithm',
+'dhcp dns update secret' => 'Secret',
'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC address or the hostname, or you enter both.',
'dhcp fixed lease help1' => 'IP Addresses might be entered as FQDN',
'dhcp mode' => 'DHCP',
'dnsforward' => 'DNS Forwarding',
'dnsforward add a new entry' => 'Add a new entry',
'dnsforward configuration' => 'DNS forward configuration',
+'dnsforward dnssec disabled' => 'DNSSEC Validation is disabled',
'dnsforward edit an entry' => 'Edit an existing entry',
'dnsforward entries' => 'Current entries',
'dnsforward forward_servers' => 'Nameservers',
'email tls' => 'Use TLS',
'email usemail' => 'Activate Mail Service',
'emailreportlevel' => 'E-mailreportlevel',
+'emerging pro rules' => 'Emergingthreats.net Pro Rules',
'emerging rules' => 'Emergingthreats.net Community Rules',
'empty' => 'This field may be left blank',
'empty profile' => 'empty',
'idle' => 'Idle',
'idle timeout' => 'Idle timeout (mins; 0 to disable):',
'idle timeout not set' => 'Idle timeout not set.',
-'ids log viewer' => 'IDS log viewer',
-'ids logs' => 'IDS Logs',
-'ids preprocessor' => 'IDS preprocessor',
-'ids rules license' => 'To utilize Sourcefire VRT Certified Rules, you need to register on',
-'ids rules license1' => '.',
-'ids rules license2' => 'Acknowledge the license, activate your account by visiting the url you got via mail. Then go to',
-'ids rules license3' => 'press the "Generate code"-button and copy the 40 character Oinkcode into the field below.',
-'ids rules update' => 'Snort rules update',
+'ids apply' => 'Apply',
+'ids apply ruleset changes' => 'The ruleset changes are being applied. Please wait until all operations have completed successfully...',
+'ids automatic rules update' => 'Automatic Rule Update',
+'ids download new ruleset' => 'Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...',
+'ids enable' => 'Enable Intrusion Prevention System',
+'ids hide' => 'Hide',
+'ids ignored hosts' => 'Whitelisted Hosts',
+'ids log hits' => 'Total of number of activated rules for',
+'ids log viewer' => 'IPS Log Viewer',
+'ids logs' => 'IPS Logs',
+'ids monitor traffic only' => 'Monitor traffic only',
+'ids monitored interfaces' => 'Monitored Interfaces',
+'ids no network zone' => 'Please select at least one network zone to be monitored',
+'ids no ruleset available' => 'No ruleset is available. Please download one first',
+'ids oinkcode required' => 'The selected ruleset requires a subscription or an Oinkcode',
+'ids rules update' => 'Ruleset',
+'ids ruleset autoupdate in progress' => 'Ruleset update in progress. Please wait until all operations have completed successfully...',
+'ids ruleset settings' => 'Ruleset Settings',
+'ids show' => 'Show',
+'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
'iface' => 'Iface',
'ignore filter' => 'Ignore filter',
'ike encryption' => 'IKE Encryption:',
'interface mode' => 'Interface',
'interfaces' => 'Interfaces',
'internet' => 'INTERNET',
-'intrusion detection' => 'Intrusion Detection',
-'intrusion detection system' => 'Intrusion Detection System',
-'intrusion detection system log viewer' => 'Intrusion Detection System Log Viewer',
-'intrusion detection system rules' => 'intrusion detection system rules',
-'intrusion detection system2' => 'Intrusion Detection System:',
+'intrusion detection' => 'Intrusion Prevention',
+'intrusion detection system' => 'Intrusion Prevention System',
+'intrusion detection system log viewer' => 'Intrusion Prevention System Log Viewer',
+'intrusion detection system rules' => 'Ruleset',
+'intrusion detection system2' => 'Intrusion Prevention System',
+'intrusion prevention system' => 'Intrusion Prevention System',
'invalid broadcast ip' => 'Invalid broadcast IP',
'invalid cache size' => 'Invalid cache size.',
'invalid characters found in pre-shared key' => 'Invalid characters found in pre-shared key.',
'refresh' => 'Refresh',
'refresh index page while connected' => 'Refresh index.cgi page while connected',
'refresh update list' => 'Refresh update list',
-'registered user rules' => 'Sourcefire VRT rules for registered users',
+'registered user rules' => 'Talos VRT rules for registered users',
'released' => 'Released',
'reload' => 'reload',
'remark' => 'Remark',
'rsvd dst port overlap' => 'Destination Port Range overlaps a port reserved for IPFire:',
'rsvd src port overlap' => 'Source Port Range overlaps a port reserved for IPFire:',
'rules already up to date' => 'Rules already up to date',
+'runmode' => 'Runmode',
'running' => 'RUNNING',
'safe removal of umounted device' => 'You can safely remove the unmounted device',
'samba' => 'Samba',
'smtphost' => 'SMTP host',
'smtpport' => 'SMTP port',
'snat new source ip address' => 'New source IP address',
-'snort hits' => 'Total of number of Intrusion rules activated for',
-'snort working' => 'Snort is working ... Please wait until all operations have completed successfully.',
'socket options' => 'Socket options',
'software version' => 'Software Version',
'sort ascending' => 'Sort ascending',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
'subnet mask' => 'Subnet Mask',
-'subscripted user rules' => 'Sourcefire VRT rules with subscription',
+'subscripted user rules' => 'Talos VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
'sunday' => 'Sunday',
'system has hwrng' => 'This system has a hardware random number generator.',
'system has rdrand' => 'This system has support for Intel(R) RDRAND.',
'system information' => 'System Information',
+'system is offline' => 'The system is offline.',
'system log viewer' => 'System Log Viewer',
'system logs' => 'System Logs',
'system status information' => 'System Status Information',
'unnamed' => 'Unnamed',
'update' => 'Update',
'update accelerator' => 'Update Accelerator',
+'update ruleset' => 'Update ruleset',
'update time' => 'Update the time:',
'update transcript' => 'Update transcript',
'updatedatabase' => 'Update Database with last report',
'refresh' => 'Actualizar',
'refresh index page while connected' => 'Actualizar la página index.cgi cuando esté conectado',
'refresh update list' => 'Recargar página de actualizaciones',
-'registered user rules' => 'Reglas VRT sourcefire para usuarios registrados',
+'registered user rules' => 'Reglas VRT talos para usuarios registrados',
'released' => 'Liberado',
'reload' => 'recargar',
'remark' => 'Remarcar',
'subject warn' => 'Advertencia. Se ha alcanzado un nível que requiere su atencion',
'subnet' => 'Subred',
'subnet is invalid' => 'Máscara de red no es válida',
-'subscripted user rules' => 'Reglas VRT sourcefire con suscripción',
+'subscripted user rules' => 'Reglas VRT talos con suscripción',
'successfully refreshed updates list' => 'Las listas de actualizaciones se refrescaron exitosamente.',
'summaries kept' => 'Mantener sumarios para',
'sunday' => 'Domingo',
'refresh' => 'Rafraîchir',
'refresh index page while connected' => 'Rafraîchir la page index.cgi tout en restant connecté',
'refresh update list' => 'Rafraîchir la liste des mises à jour',
-'registered user rules' => 'Règles Sourcefire VRT pour les utilisateurs enregistrés',
+'registered user rules' => 'Règles Talos VRT pour les utilisateurs enregistrés',
'released' => 'Disponible',
'reload' => 'Recharger',
'remark' => 'Remarque ',
'subject warn' => 'Attention - Le niveau d\'alerte a été atteint',
'subnet' => 'Sous-réseau',
'subnet is invalid' => 'Le masque réseau est non valide',
-'subscripted user rules' => 'Règles Sourcefire VRT avec abonnement',
+'subscripted user rules' => 'Règles Talos VRT avec abonnement',
'successfully refreshed updates list' => 'La liste des mises à jour a été rafraîchie avec succès.',
'summaries kept' => 'Conserver pour les résumés',
'sunday' => 'Dimanche',
'refresh' => 'Aggiorna',
'refresh index page while connected' => 'Aggiorna la pagina index.cgi mentre si é collegati',
'refresh update list' => 'Refresh update list',
-'registered user rules' => 'Sourcefire VRT rules for registered users',
+'registered user rules' => 'Talos VRT rules for registered users',
'released' => 'Released',
'reload' => 'reload',
'remark' => 'Commento',
'subject warn' => 'Warning - warnlevel reached',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
-'subscripted user rules' => 'Sourcefire VRT rules with subscription',
+'subscripted user rules' => 'Talos VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Tenere il sommaro per',
'sunday' => 'Domenica',
'refresh' => 'Ververs',
'refresh index page while connected' => 'Ververs de index.cgi pagina terwijl verbonden',
'refresh update list' => 'Ververs update-lijst',
-'registered user rules' => 'Sourcefire VRT regels voor geregistreerde gebruikers',
+'registered user rules' => 'Talos VRT regels voor geregistreerde gebruikers',
'released' => 'Released',
'reload' => 'herlaad',
'remark' => 'Opmerking',
'subject warn' => 'Waarschuwing – waarschuwingsniveau bereikt',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmasker is ongeldig',
-'subscripted user rules' => 'Sourcefire VRT regels met abonnement',
+'subscripted user rules' => 'Talos VRT regels met abonnement',
'successfully refreshed updates list' => 'Lijst succesvol bijgewerkt.',
'summaries kept' => 'Bewaar samenvattingen voor',
'sunday' => 'Zondag',
'refresh' => 'Odśwież',
'refresh index page while connected' => 'Odśwież stronę index.cgi po połączeniu',
'refresh update list' => 'Odśwież listę aktualizacji',
-'registered user rules' => 'Reguły Sourcefire VRT dla zarejestrowanych użytkowników',
+'registered user rules' => 'Reguły Talos VRT dla zarejestrowanych użytkowników',
'released' => 'Opublikowany',
'reload' => 'wczytaj',
'remark' => 'Komentarz',
'subject warn' => 'Ostrzeżenie - osiągnięto poziom ostrzeżenia',
'subnet' => 'Podsieć',
'subnet is invalid' => 'Maska sieci jest niepoprawna',
-'subscripted user rules' => 'Reguły Sourcefire VRT z subskrypcją',
+'subscripted user rules' => 'Reguły Talos VRT z subskrypcją',
'successfully refreshed updates list' => 'Pomyślnie odświeżono listę aktualizacji.',
'summaries kept' => 'Przechowuj podsumowania przez',
'sunday' => 'Niedziela',
'refresh' => 'Обновить',
'refresh index page while connected' => 'Обновлять index.cgi при подключении',
'refresh update list' => 'Refresh update list',
-'registered user rules' => 'Sourcefire VRT rules for registered users',
+'registered user rules' => 'Talos VRT rules for registered users',
'released' => 'Released',
'reload' => 'reload',
'remark' => 'Пояснение',
'subject warn' => 'Warning - warnlevel reached',
'subnet' => 'Subnet',
'subnet is invalid' => 'Netmask is invalid',
-'subscripted user rules' => 'Sourcefire VRT rules with subscription',
+'subscripted user rules' => 'Talos VRT rules with subscription',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Хранить',
'sunday' => 'Воскресенье',
'dhcp configuration' => 'DHCP yapılandırması',
'dhcp create fixed leases' => 'Sabit kiralama oluştur',
'dhcp dns enable update' => 'DNS güncelleştirmesini aktifleştir (RFC2136):',
-'dhcp dns key name' => 'Anahtar adı:',
+'dhcp dns key name' => 'Anahtar adı',
'dhcp dns update' => 'DNS güncelleme',
-'dhcp dns update algo' => 'Algoritma:',
-'dhcp dns update secret' => 'Gizli:',
+'dhcp dns update algo' => 'Algoritma',
+'dhcp dns update secret' => 'Gizli',
'dhcp fixed lease err1' => 'Bu düzeltme için MAC adresini, ana bilgisayar adını veya her ikisinide girmeniz gerekir',
'dhcp fixed lease help1' => 'IP adresleri tam tanımlanmış alan adları (FQDN) şeklinde girilmelidir.',
'dhcp mode' => 'DHCP',
include Config
-VER = 1.0.12
+VER = 1.1.9
THISAPP = borgbackup-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = borgbackup
-PAK_VER = 1
+PAK_VER = 2
DEPS = "python3 python3-llfuse python3-msgpack"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7bd9fa82a517d559d56a4e1ff5965bc8
+$(DL_FILE)_MD5 = 0fda2c1f636754d0748569bff67a6836
install : $(TARGET)
ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
menu.d modem optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
- proxy/calamaris/bin qos/bin red remote sensors snort time \
+ proxy/calamaris/bin qos/bin red remote sensors suricata time \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
isdn/settings mac/settings main/hosts main/routing main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
- qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+ qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done
cp $(DIR_SRC)/config/cfgroot/network-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/aws-functions.pl $(CONFIG_ROOT)/
+ cp $(DIR_SRC)/config/cfgroot/ids-functions.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/lang.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/countries.pl $(CONFIG_ROOT)/
cp $(DIR_SRC)/config/cfgroot/graphs.pl $(CONFIG_ROOT)/
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
+ # Install snort to suricata converter.
+ cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort
+
# Add conntrack helper default settings
for proto in FTP H323 IRC SIP TFTP; do \
echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
include Config
-VER = 0.0.498gac688af
+VER = 1.3.3
THISAPP = dnsdist-$(VER)
DL_FILE = $(THISAPP).tar.bz2
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 i586
PROG = dnsdist
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
-MAX_PARALLELISM = $(shell echo $$(( $(SYSTEM_MEMORY) / 512)))
+MAX_PARALLELISM = $(shell echo $$(( $(SYSTEM_MEMORY) / 1024)))
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b1bc53b3a35aef7006b74086919847bf
+$(DL_FILE)_MD5 = 6bbcdf5296ac5303e88d779d1d57a4df
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --enable-openssl \
+ --disable-gnutls \
+ --with-lua \
+ --without-net-snmp
+
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
#install initscripts
$(call INSTALL_INITSCRIPT,dnsdist)
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/dnsdist \
+ /var/ipfire/backup/addons/includes/dnsdist
+
@rm -rf $(DIR_APP)
@$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 20190329
+
+THISAPP = firmware-update-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = https://source.ipfire.org/releases/firmware-update/
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = firmware-update
+PAK_VER = 1
+
+DEPS = "flashrom"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 493f6d678bd9d3c7f35b25256e423ad2
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.1
+
+THISAPP = flashrom-v$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = flashrom
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 6a108a81db229016abd7f5397da39255
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install PREFIX=/usr
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.0.14
+VER = 3.0.18
THISAPP = freeradius-server-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = freeradius
-PAK_VER = 3
+PAK_VER = 5
DEPS = "samba"
+ifeq "$(BUILD_ARCH)" "armv5tel"
+ LDFLAGS += -latomic
+endif
+
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 71f0593f68e6d4dd2efc47a61219643d
+$(DL_FILE)_MD5 = 05f0c8c7ac79659f808ff31751daa857
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && \
./configure \
--without-rlm_sql_db2 \
--without-rlm_sql_oracle \
--without-rlm_sql_sqlite \
- --without-rlm_sql_mysql
+ --without-rlm_sql_mysql \
+ LDFLAGS="$(LDFLAGS)"
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.5.19
+VER = 3.6.7
+SUBVER = .1
THISAPP = gnutls-$(VER)
-DL_FILE = $(THISAPP).tar.xz
+DL_FILE = $(THISAPP)$(SUBVER).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1002f4099ce11d785e9811099aaa59a6
+$(DL_FILE)_MD5 = 92a8049e618afa60e2c852da1884c457
install : $(TARGET)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = hostapd
-PAK_VER = 44
+PAK_VER = 45
DEPS = ""
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = ipfire
+
+THISAPP = ids-ruleset-sources
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+install : $(TARGET)
+
+check :
+
+download :
+
+md5 :
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) :
+ @$(PREBUILD)
+ # Simple install the ruleset sources file.
+ install -m 644 $(DIR_SRC)/config/suricata/ruleset-sources \
+ /var/ipfire/suricata/
+ @$(POSTBUILD)
ln -sf ../init.d/fcron /etc/rc.d/rc0.d/K08fcron
ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
ln -sf ../init.d/fcron /etc/rc.d/rc6.d/K08fcron
- ln -sf ../init.d/snort /etc/rc.d/rc0.d/K78snort
- ln -sf ../init.d/snort /etc/rc.d/rc6.d/K78snort
+ ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata
+ ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata
ln -sf ../init.d/network /etc/rc.d/rc0.d/K80network
ln -sf ../init.d/network /etc/rc.d/rc3.d/S20network
ln -sf ../init.d/network /etc/rc.d/rc6.d/K80network
ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
- ln -sf ../../../../../usr/local/bin/snortctrl \
- /etc/rc.d/init.d/networking/red.up/23-RS-snort
ln -sf ../../../../../usr/local/bin/qosctrl \
/etc/rc.d/init.d/networking/red.up/24-RS-qos
ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
include Config
-VER = 2.9.12
+VER = 0.7.9
-THISAPP = snort-$(VER)
+THISAPP = libcap-ng-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3a305d9c44bd0319aa50783a60c8947f
+$(DL_FILE)_MD5 = 2398d695508fab9ce33668c53a89b0e9
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) $(DIR_SRC)/snort* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
- --sysconfdir=/etc/snort \
- --target=i586 \
- --enable-linux-smp-stats \
- --disable-open-appid \
- --enable-gre \
- --enable-mpls \
- --enable-targetbased \
- --enable-ppm \
- --enable-non-ether-decoders \
- --enable-perfprofiling \
- --enable-active-response \
- --enable-normalizer \
- --enable-reload \
- --enable-react \
- --enable-flexresp3
+ --disable-static
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- mv /usr/bin/snort /usr/sbin/
- -mkdir -p /etc/snort/rules
-
- cd $(DIR_APP) && install -m 0644 \
- etc/reference.config etc/classification.config /etc/snort/rules
- cd $(DIR_APP) && install -m 0644 etc/unicode.map /etc/snort
- install -m 0644 $(DIR_SRC)/config/snort/snort.conf /etc/snort
- cp /etc/snort/snort.conf /etc/snort/snort.conf.template
- chown -R nobody:nobody /etc/snort
- -mkdir -p /var/log/snort
- chown -R snort:snort /var/log/snort
- @rm -rf $(DIR_APP) $(DIR_SRC)/snort*
+ @rm -rf $(DIR_APP)
@$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.5.29
+
+THISAPP = libhtp-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 5feb73647723db5b458d00faddb30954
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./autogen.sh
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-static
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
include Config
-VER = 4.14.103
-ARM_PATCHES = 4.14.103-ipfire0
+VER = 4.14.111
+ARM_PATCHES = 4.14.111-ipfire0
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
CFLAGS =
CXXFLAGS =
-PAK_VER = 81
+PAK_VER = 82
DEPS = ""
HEADERS_ARCH = $(BUILD_PLATFORM)
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = 7092950433828a3dbe62a981decfd4f8
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 1cda52264dad96fcba65bd335fbbfa95
+$(DL_FILE)_MD5 = d1ef2ffcf41ca1cb58ba4fd6f2872ccf
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = ed976ae7954c36b715fdb6b83630d0b6
install : $(TARGET)
cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
# Wlan Patches
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-ath_ignore_eeprom_regd.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
# Add LED trigger
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 5.3.0
+VER = 5.3.5
THISAPP = lua-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a1b0a7e92d0c85bbff7a8d27bf29f8af
+$(DL_FILE)_MD5 = 4f4b4f323fd3514a68e0ab3da8ce3455
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && cp -v src/luaconf.h src/luaconf.h.template.in
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lua-5.3.0-autotoolize.patch
+
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lua/lua-5.3.5-autotoolize.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lua/lua-5.3.5-shared_library-1.patch
+
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.3
+VER = 3.4.1
THISAPP = nettle-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 10f969f78a463704ae73529978148dbe
+$(DL_FILE)_MD5 = 9bdebb0e2f638d3b9d91f7fc264b70c1
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.15.1
+VER = 1.15.9
THISAPP = nginx-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = nginx
-PAK_VER = 8
+PAK_VER = 9
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2dd5a265c54a76b699443931d80a61b9
+$(DL_FILE)_MD5 = 00dde20d4d2cc65bdaf8950a5bd3e14b
install : $(TARGET)
--with-http_stub_status_module \
--with-http_dav_module \
--with-http_sub_module \
+ --with-http_v2_module \
--with-pcre
+
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
mkdir -p /var/log/nginx /var/spool/nginx
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 4.2.8p12
+VER = 4.2.8p13
THISAPP = ntp-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1522d66574bae14abb2622746dad2bdc
+$(DL_FILE)_MD5 = ea040ab9b4ca656b5229b89d6b822f13
install : $(TARGET)
cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc/nut \
--with-usb --with-user=root --with-group=nut \
--with-wrap=no --with-udev-dir=/etc/udev
- cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make #$(MAKETUNING)
cd $(DIR_APP) && make install
# sed -i -e "s|ATTR{|SYSFS{|g" /etc/udev/rules.d/52-nut-usbups.rules
mkdir -p /var/state/ups
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/oinkmaster-2.0-add_community_rules.patch
cd $(DIR_APP) && chown nobody:nobody oinkmaster.pl
- cd $(DIR_APP) && cp -f oinkmaster.conf /var/ipfire/snort/
- cd /var/ipfire/snort && patch -Np1 < $(DIR_SRC)/src/patches/oinkmaster-tmp.patch
+ cd $(DIR_APP) && install -m 0644 $(DIR_SRC)/config/oinkmaster/oinkmaster.conf \
+ /var/ipfire/suricata/
+ cd /var/ipfire/suricata && patch -Np1 < $(DIR_SRC)/src/patches/oinkmaster-tmp.patch
cd $(DIR_APP) && install -m 0755 oinkmaster.pl /usr/local/bin/
@rm -rf $(DIR_APP)
@$(POSTBUILD)
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 4.9.0.3
+
+THISAPP = pcengines-apu-firmware-$(VER)
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = pcengines-apu-firmware
+PAK_VER = 1
+
+DEPS = "firmware-update"
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = \
+ apu1_v$(VER).rom \
+ apu2_v$(VER).rom \
+ apu3_v$(VER).rom \
+ apu4_v$(VER).rom \
+ apu5_v$(VER).rom
+
+apu1_v$(VER).rom = $(DL_FROM)/apu1_v$(VER).rom
+apu2_v$(VER).rom = $(DL_FROM)/apu2_v$(VER).rom
+apu3_v$(VER).rom = $(DL_FROM)/apu3_v$(VER).rom
+apu4_v$(VER).rom = $(DL_FROM)/apu4_v$(VER).rom
+apu5_v$(VER).rom = $(DL_FROM)/apu5_v$(VER).rom
+
+apu1_v$(VER).rom_MD5 = eb446600520f9abc3704cd806cbf160f
+apu2_v$(VER).rom_MD5 = c61e10a6b2f76c8ada4e81f9e654decd
+apu3_v$(VER).rom_MD5 = d1390d76d0ee18912825fd95b08e3f26
+apu4_v$(VER).rom_MD5 = c36cc13a1ba196b33eb85592bd44fad7
+apu5_v$(VER).rom_MD5 = da69300aed63e89e827f1e3ee3adc06d
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+
+ # Install firmware to /lib/firmware
+ mkdir -pv /lib/firmware/pcengines/apu
+ cd $(DIR_DL) && install -v -m 644 $(objects) \
+ /lib/firmware/pcengines/apu
+
+ @$(POSTBUILD)
include Config
-VER = 3.4.3
+VER = 3.4.5
THISAPP = postfix-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = postfix
-PAK_VER = 19
+PAK_VER = 20
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7f539d5497f4cb0c3f5b66227aaeb561
+$(DL_FILE)_MD5 = 093109941095390562166de766d4720d
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.6.0
+VER = 1.7.1
THISAPP = rrdtool-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4ff52cc44b935b02d2742e6875094da5
+$(DL_FILE)_MD5 = 5f6133630324efe82c8dcefab2056818
install : $(TARGET)
--disable-rrdcgi \
--enable-perl \
--enable-perl-site-install \
+ --disable-lua \
--disable-tcl \
--disable-ruby \
--disable-python
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 4.1.3
+
+THISAPP = suricata-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 35c4a8e6be3910831649a073950195df
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --enable-gccprotect \
+ --disable-gccmarch-native \
+ --enable-non-bundled-htp \
+ --enable-nfqueue \
+ --disable-static \
+ --disable-python \
+ --disable-suricata-update
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ cd $(DIR_APP) && make install-conf
+
+ # Remove default suricata config file.
+ rm -rvf /etc/suricata/suricata.yaml
+
+ # Install IPFire related config file.
+ install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
+
+ # Remove shipped rules.
+ rm -rvf /usr/share/suricata
+
+ # Create emtpy rules directory.
+ -mkdir -p /var/lib/suricata
+
+ # Move config files for references, threshold and classification
+ # to the rules directory.
+ mv /etc/suricata/*.config /var/lib/suricata
+
+ # Set correct permissions for the files.
+ chmod 644 /var/lib/suricata/*.config
+
+ # Set correct ownership for /var/lib/suricata and the
+ # contained files
+ chown -R nobody:nobody /var/lib/suricata
+
+ # Create logging directory.
+ -mkdir -p /var/log/suricata
+
+ # Set correct ownership for /var/log/suricata.
+ chown suricata:suricata /var/log/suricata
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 34
+PAK_VER = 35
DEPS = ""
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
- --with-tor-user=nobody \
- --with-tor-group=nobody
+ --with-tor-user=tor \
+ --with-tor-group=tor
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.9.0
+VER = 1.9.1
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1026159991a3883518525bc18e25582f
+$(DL_FILE)_MD5 = 5d954920d192b33f7c88f015dd969940
install : $(TARGET)
include Config
-VER = 2.0.6
+VER = 0.2.1
-THISAPP = daq-$(VER)
+THISAPP = yaml-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2cd6da422a72c129c685fc4bb848c24c
+$(DL_FILE)_MD5 = 72724b9736923c517e5a8fc6757ef03d
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
- cd $(DIR_APP) && make
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-static
+ cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
-VERSION="2.21" # Version number
-CORE="130" # Core Level (Filename)
+<<<<<<< HEAD
+VERSION="2.23" # Version number
+CORE="131" # Core Level (Filename)
PAKFIRE_CORE="130" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
lfsmake2 openssl
[ "${BUILD_ARCH}" = "i586" ] && lfsmake2 openssl KCFG='-sse2'
lfsmake2 popt
+ lfsmake2 libedit
lfsmake2 libusb
lfsmake2 libusb-compat
lfsmake2 libpcap
lfsmake2 zd1211-firmware
lfsmake2 rpi-firmware
lfsmake2 intel-microcode
+ lfsmake2 pcengines-apu-firmware
lfsmake2 bc
lfsmake2 u-boot MKIMAGE=1
lfsmake2 cpio
lfsmake2 attr
lfsmake2 acl
lfsmake2 libcap
+ lfsmake2 libcap-ng
lfsmake2 pciutils
lfsmake2 usbutils
lfsmake2 libxml2
lfsmake2 setserial
lfsmake2 setup
lfsmake2 libdnet
- lfsmake2 daq
- lfsmake2 snort
+ lfsmake2 yaml
+ lfsmake2 libhtp
+ lfsmake2 suricata
lfsmake2 oinkmaster
+ lfsmake2 ids-ruleset-sources
lfsmake2 squid
lfsmake2 squidguard
lfsmake2 calamaris
lfsmake2 dehydrated
lfsmake2 shairport-sync
lfsmake2 borgbackup
- lfsmake2 libedit
lfsmake2 knot
lfsmake2 spectre-meltdown-checker
lfsmake2 zabbix_agentd
+ lfsmake2 flashrom
+ lfsmake2 firmware-update
}
buildinstaller() {
--- /dev/null
+#!/usr/bin/perl
+#
+# Helper script to regenerate the file which contains the HOME_NET declaration
+# including the assigned IP-address of red and any configured aliases.
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Hash to store the IDS settings.
+my %ids_settings = ();
+
+# Read-in IDS settings.
+&General::readhash("$IDS::ids_settings_file", \%ids_settings);
+
+# Check if suricata is enabled.
+if($ids_settings{'ENABLE_IDS'} eq "on") {
+ # Regenerate the file with HOME_NET details.
+ &IDS::generate_home_net_file();
+
+ # Set correct ownership.
+ &IDS::set_ownership("$IDS::homenet_file");
+
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ } else {
+ # Call suricatactrl to start suricata.
+ &IDS::call_suricatactrl("start");
+ }
+}
case "${1}" in
start)
boot_mesg "Starting dnsdist..."
- loadproc /usr/bin/dnsdist -d ${ARGS}
+ /usr/bin/dnsdist --supervised ${ARGS} >/dev/null &
+ evaluate_retval
;;
stop)
# Flush all rules.
flush_firewall
+ # Allow incoming traffic to Tor relay (and directory) port and
+ # all outgoing TCP connections from Tor user.
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+ iptables -A TOR_OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
fi
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_DIRPORT}" ] && [ "${TOR_RELAY_DIRPORT}" -ne 0 ]; then
function flush_firewall() {
# Flush all rules.
iptables -F TOR_INPUT
+ iptables -F TOR_OUTPUT
}
case "${1}" in
touch /etc/sysconfig/lm_sensors
fi
+ # Do not search for sensors when running on AWS
+ if [ -e "/var/run/aws-instance-id" ]; then
+ touch /etc/sysconfig/lm_sensors
+ fi
+
# At first run search for sensors with sensors-detect
if [ ! -e /etc/sysconfig/lm_sensors ]; then
boot_mesg "Searching for Sensors..."
iptables -A INPUT -j GUARDIAN
iptables -A FORWARD -j GUARDIAN
+ # IPS (suricata) chains
+ iptables -N IPS
+ iptables -A INPUT -j IPS
+ iptables -A FORWARD -j IPS
+ iptables -A OUTPUT -j IPS
+
# Block non-established IPsec networks
iptables -N IPSECBLOCK
iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
iptables -N OVPNINPUT
iptables -A INPUT -j OVPNINPUT
- # Tor
+ # Tor (inbound and outbound)
iptables -N TOR_INPUT
iptables -A INPUT -j TOR_INPUT
+ iptables -N TOR_OUTPUT
+ iptables -A OUTPUT -j TOR_OUTPUT
# Jump into the actual firewall ruleset.
iptables -N INPUTFW
+++ /dev/null
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/snort
-#
-# Description : Snort Initscript
-#
-# Authors : Michael Tremer for ipfire.org - mitch@ipfire.org
-#
-# Version : 01.00
-#
-# Notes :
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-
-PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
-
-eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
-
-ALIASFILE="/var/ipfire/ethernet/aliases"
-
-case "$1" in
- start)
- if [ "$BLUE_NETADDRESS" ]; then
- BLUE_NET="$BLUE_NETADDRESS/$BLUE_NETMASK,"
- BLUE_IP="$BLUE_ADDRESS,"
- fi
-
- if [ "$ORANGE_NETADDRESS" ]; then
- ORANGE_NET="$ORANGE_NETADDRESS/$ORANGE_NETMASK,"
- ORANGE_IP="$ORANGE_ADDRESS,"
- fi
-
- if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
- DEVICES+="$ORANGE_DEV "
- HOMENET+="$ORANGE_IP"
- else
- HOMENET+="$ORANGE_NET"
- fi
-
- if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
- DEVICES+="$BLUE_DEV "
- HOMENET+="$BLUE_IP"
- else
- HOMENET+="$BLUE_NET"
- fi
-
- if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
- DEVICES+="$GREEN_DEV "
- HOMENET+="$GREEN_ADDRESS,"
- else
- HOMENET+="$GREEN_NETADDRESS/$GREEN_NETMASK,"
- fi
-
- if [ "$ENABLE_SNORT" == "on" ]; then
- DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
- LOCAL_IP=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
- if [ "$LOCAL_IP" ]; then
- HOMENET+="$LOCAL_IP,"
- fi
-
- # Check if the red device is set to static and
- # any aliases have been configured.
- if [ "${RED_TYPE}" == "STATIC" ] && [ -s "${ALIASFILE}" ]; then
- # Read in aliases file.
- while IFS="," read -r address mode remark; do
- # Check if the alias is enabled.
- [ "${mode}" = "on" ] || continue
-
- # Add alias to the list of HOMENET addresses.
- HOMENET+="${address},"
- done < "${ALIASFILE}"
- fi
- fi
- HOMENET+="127.0.0.1"
- echo "ipvar HOME_NET [$HOMENET]" > /etc/snort/vars
-
- DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
- DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
-
- if [ "$DNS2" ]; then
- echo "ipvar DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
- else
- echo "ipvar DNS_SERVERS $DNS1" >> /etc/snort/vars
- fi
-
- for DEVICE in $DEVICES; do
- boot_mesg "Starting Intrusion Detection System on $DEVICE..."
- /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run
- evaluate_retval
- sleep 1
- chmod 644 /var/run/snort_$DEVICE.pid
- done
- ;;
-
- stop)
- DEVICES=""
- if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
- DEVICES+="$BLUE_DEV "
- fi
-
- if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
- DEVICES+="$GREEN_DEV "
- fi
-
- if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
- DEVICES+="$ORANGE_DEV "
- fi
-
- RED=`cat /var/ipfire/red/iface 2>/dev/null`
- if [ -r /var/run/snort_$RED.pid ]; then
- DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
- fi
-
- for DEVICE in $DEVICES; do
- boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
- killproc -p /var/run/snort_$DEVICE.pid /var/run
- done
-
- rm /var/run/snort_* >/dev/null 2>/dev/null
-
- # Don't report returncode of rm if snort was not started
- exit 0
- ;;
-
- status)
- statusproc /usr/sbin/snort
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
-
- *)
- echo "Usage: $0 {start|stop|restart|status}"
- exit 1
- ;;
-esac
-
-chmod 644 /var/log/snort/* 2>/dev/null
-
-# End $rc_base/init.d/snort
--- /dev/null
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/suricata
+#
+# Description : Suricata Initscript
+#
+# Author : Stefan Schantl <stefan.schantl@ipfire.org>
+#
+# Version : 01.00
+#
+# Notes :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
+
+eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
+
+# Name of the firewall chain.
+FW_CHAIN="IPS"
+
+# Optional options for the Netfilter queue.
+NFQ_OPTS="--queue-bypass "
+
+# Array containing the 4 possible network zones.
+network_zones=( red green blue orange )
+
+# Mark and Mask options.
+MARK="0x70000000"
+MASK="0x70000000"
+
+# PID file of suricata.
+PID_FILE="/var/run/suricata.pid"
+
+# Function to get the amount of CPU cores of the system.
+function get_cpu_count {
+ CPUCOUNT=0
+
+ # Loop through "/proc/cpuinfo" and count the amount of CPU cores.
+ while read line; do
+ [ "$line" ] && [ -z "${line%processor*}" ] && ((CPUCOUNT++))
+ done </proc/cpuinfo
+
+ echo $CPUCOUNT
+}
+
+# Function to create the firewall rules to pass the traffic to suricata.
+function generate_fw_rules {
+ cpu_count=$(get_cpu_count)
+
+ # Flush the firewall chain.
+ iptables -F "$FW_CHAIN"
+
+ # Loop through the array of network zones.
+ for zone in "${network_zones[@]}"; do
+ # Convert zone into upper case.
+ zone_upper=${zone^^}
+
+ # Generate variable name for checking if the IDS is
+ # enabled on the zone.
+ enable_ids_zone="ENABLE_IDS_$zone_upper"
+
+ # Check if the IDS is enabled for this network zone.
+ if [ "${!enable_ids_zone}" == "on" ]; then
+ # Generate name of the network interface.
+ network_device=$zone
+ network_device+="0"
+
+ # Assign NFQ_OPTS
+ NFQ_OPTIONS=$NFQ_OPTS
+
+ # Check if there are multiple cpu cores available.
+ if [ "$cpu_count" -gt "1" ]; then
+ # Balance beetween all queues.
+ NFQ_OPTIONS+="--queue-balance 0:$(($cpu_count-1))"
+ NFQ_OPTIONS+=" --queue-cpu-fanout"
+ else
+ # Send all packets to queue 0.
+ NFQ_OPTIONS+="--queue-num 0"
+ fi
+
+ # Create firewall rules to queue the traffic and pass to
+ # the IDS.
+ iptables -I "$FW_CHAIN" -i "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE $NFQ_OPTIONS
+ iptables -I "$FW_CHAIN" -o "$network_device" -m mark ! --mark "$MARK"/"$MASK" -j NFQUEUE $NFQ_OPTIONS
+ fi
+ done
+
+ # Clear repeat bit, so that it does not confuse IPsec or QoS
+ iptables -A "${FW_CHAIN}" -j MARK --set-xmark "0x0/${MASK}"
+}
+
+# Function to flush the firewall chain.
+function flush_fw_chain {
+ # Call iptables and flush the chain
+ iptables -F "$FW_CHAIN"
+}
+
+case "$1" in
+ start)
+ # Get amount of CPU cores.
+ cpu_count=$(get_cpu_count)
+
+ # Numer of NFQUES.
+ NFQUEUES=
+
+ for i in $(seq 0 $((cpu_count-1)) ); do
+ NFQUEUES+="-q $i "
+ done
+
+ # Check if the IDS should be started.
+ if [ "$ENABLE_IDS" == "on" ]; then
+ # Start the IDS.
+ boot_mesg "Starting Intrusion Detection System..."
+ /usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES >/dev/null 2>/dev/null
+ evaluate_retval
+
+ # Allow reading the pidfile.
+ chmod 644 $PID_FILE
+
+ # Flush the firewall chain
+ flush_fw_chain
+
+ # Generate firewall rules
+ generate_fw_rules
+ fi
+ ;;
+
+ stop)
+ boot_mesg "Stopping Intrusion Detection System..."
+ killproc -p $PID_FILE /var/run
+
+ # Flush firewall chain.
+ flush_fw_chain
+
+ # Remove suricata control socket.
+ rm /var/run/suricata/* >/dev/null 2>/dev/null
+
+ # Don't report returncode of rm if suricata was not started
+ exit 0
+ ;;
+
+ status)
+ statusproc /usr/bin/suricata
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ reload)
+ # Send SIGUSR2 to the suricata process to perform a reload
+ # of the ruleset.
+ kill -USR2 $(pidof suricata)
+
+ # Flush the firewall chain.
+ flush_fw_chain
+
+ # Generate firewall rules.
+ generate_fw_rules
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ exit 1
+ ;;
+esac
+
+chmod 644 /var/log/suricata/* 2>/dev/null
+
+# End $rc_base/init.d/suricata
PROGS = iowrap
SUID_PROGS = squidctrl sshctrl ipfirereboot \
- ipsecctrl timectrl dhcpctrl snortctrl \
+ ipsecctrl timectrl dhcpctrl suricatactrl \
applejuicectrl rebuildhosts backupctrl collectdctrl \
logwatch wioscan wiohelper openvpnctrl firewallctrl \
wirelessctrl getipstat qosctrl launch-ether-wake \
+++ /dev/null
-/* This file is part of the IPFire Firewall.
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <fcntl.h>
-#include "setuid.h"
-
-int main(int argc, char *argv[]) {
-
- if (!(initsetuid()))
- exit(1);
-
- if (argc < 2) {
- fprintf(stderr, "\nNo argument given.\n\nsnortctrl (start|stop|restart)\n\n");
- exit(1);
- }
-
- if (strcmp(argv[1], "start") == 0) {
- safe_system("/etc/rc.d/init.d/snort start");
- } else if (strcmp(argv[1], "stop") == 0) {
- safe_system("/etc/rc.d/init.d/snort stop");
- } else if (strcmp(argv[1], "restart") == 0) {
- safe_system("/etc/rc.d/init.d/snort restart");
- } else {
- fprintf(stderr, "\nBad argument given.\n\nsnortctrl (start|stop|restart)\n\n");
- exit(1);
- }
-
- return 0;
-}
--- /dev/null
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+
+ if (!(initsetuid()))
+ exit(1);
+
+ if (argc < 2) {
+ fprintf(stderr, "\nNo argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "start") == 0) {
+ safe_system("/etc/rc.d/init.d/suricata start");
+ } else if (strcmp(argv[1], "stop") == 0) {
+ safe_system("/etc/rc.d/init.d/suricata stop");
+ } else if (strcmp(argv[1], "restart") == 0) {
+ safe_system("/etc/rc.d/init.d/suricata restart");
+ } else if (strcmp(argv[1], "reload") == 0) {
+ safe_system("/etc/rc.d/init.d/suricata reload");
+ } else if (strcmp(argv[1], "fix-rules-dir") == 0) {
+ safe_system("chown -R nobody:nobody /var/lib/suricata");
+ } else if (strcmp(argv[1], "cron") == 0) {
+ safe_system("rm /etc/fcron.*/suricata >/dev/null 2>&1");
+ if (strcmp(argv[2], "off") == 0) {
+ return(1);
+ } else if (strcmp(argv[2], "daily") == 0){
+ safe_system("ln -s /usr/local/bin/update-ids-ruleset /etc/fcron.daily/suricata");
+ } else if (strcmp(argv[2], "weekly") == 0){
+ safe_system("ln -s /usr/local/bin/update-ids-ruleset /etc/fcron.weekly/suricata");
+ } else{
+ printf("invalid parameter(s)\n");
+ return(1);
+ }
+ } else {
+ fprintf(stderr, "\nBad argument given.\n\nsuricatactrl (start|stop|restart|reload)\n\n");
+ exit(1);
+ }
+
+ return 0;
+}
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2017 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+extract_files
+
+restore_backup "${NAME}"
+
+start_service "${NAME}"
+
+# Enable autostart
+ln -sf ../init.d/dnsdist /etc/rc.d/rc0.d/K25dnsdist
+ln -sf ../init.d/dnsdist /etc/rc.d/rc3.d/S35dnsdist
+ln -sf ../init.d/dnsdist /etc/rc.d/rc6.d/K25dnsdist
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+extract_backup_includes
+
+stop_service ${NAME}
+
+make_backup ${NAME}
+
+remove_files
+
+rm -rfv /etc/rc.d/rc*.d/*dnsdist
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
-# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# Copyright (C) 2007-2019 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
+
+# Run Tor as dedicated user and make sure user and group exist
+if ! getent group tor &>/dev/null; then
+ groupadd -g 119 tor
+fi
+
+if ! getent passwd tor; then
+ useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor
+fi
+
+# Adjust some folder permission for new UID/GID
+chown -R tor:tor /var/lib/tor /var/ipfire/tor
+
extract_files
restore_backup ${NAME}
start_service --background ${NAME}
--- /dev/null
+diff -Naur linux-4.14.103.org/drivers/net/wireless/ath/regd.c linux-4.14.103/drivers/net/wireless/ath/regd.c
+--- linux-4.14.103.org/drivers/net/wireless/ath/regd.c 2019-02-23 09:06:44.000000000 +0100
++++ linux-4.14.103/drivers/net/wireless/ath/regd.c 2019-03-30 11:35:53.177299394 +0100
+@@ -24,6 +24,7 @@
+ #include "regd_common.h"
+
+ static int __ath_regd_init(struct ath_regulatory *reg);
++static struct reg_dmn_pair_mapping *ath_get_regpair(int regdmn);
+
+ /*
+ * This is a set of common rules used by our world regulatory domains.
+@@ -116,6 +117,9 @@
+
+ static bool dynamic_country_user_possible(struct ath_regulatory *reg)
+ {
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return true;
++
+ if (IS_ENABLED(CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING))
+ return true;
+
+@@ -188,6 +192,8 @@
+
+ static bool ath_reg_dyn_country_user_allow(struct ath_regulatory *reg)
+ {
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return true;
+ if (!IS_ENABLED(CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS))
+ return false;
+ if (!dynamic_country_user_possible(reg))
+@@ -345,6 +351,9 @@
+ struct ieee80211_channel *ch;
+ unsigned int i;
+
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return;
++
+ for (band = 0; band < NUM_NL80211_BANDS; band++) {
+ if (!wiphy->bands[band])
+ continue;
+@@ -378,6 +387,9 @@
+ {
+ struct ieee80211_supported_band *sband;
+
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return;
++
+ sband = wiphy->bands[NL80211_BAND_2GHZ];
+ if (!sband)
+ return;
+@@ -407,6 +419,9 @@
+ struct ieee80211_channel *ch;
+ unsigned int i;
+
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return;
++
+ if (!wiphy->bands[NL80211_BAND_5GHZ])
+ return;
+
+@@ -639,6 +654,10 @@
+ const struct ieee80211_regdomain *regd;
+
+ wiphy->reg_notifier = reg_notifier;
++
++// if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
++ return 0;
++
+ wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
+ REGULATORY_CUSTOM_REG;
+
+++ /dev/null
-diff -Naur linux-4.9.8.org/drivers/net/wireless/ath/regd.c linux-4.9.8/drivers/net/wireless/ath/regd.c
---- linux-4.9.8.org/drivers/net/wireless/ath/regd.c 2017-02-04 09:47:29.000000000 +0100
-+++ linux-4.9.8/drivers/net/wireless/ath/regd.c 2017-02-11 15:31:20.502527360 +0100
-@@ -341,6 +341,8 @@
- struct ieee80211_channel *ch;
- unsigned int i;
-
-+ return;
-+
- for (band = 0; band < NUM_NL80211_BANDS; band++) {
- if (!wiphy->bands[band])
- continue;
-@@ -374,6 +376,8 @@
- {
- struct ieee80211_supported_band *sband;
-
-+ return;
-+
- sband = wiphy->bands[NL80211_BAND_2GHZ];
- if (!sband)
- return;
-@@ -402,6 +406,8 @@
- struct ieee80211_channel *ch;
- unsigned int i;
-
-+ return;
-+
- if (!wiphy->bands[NL80211_BAND_5GHZ])
- return;
-
-@@ -632,6 +638,8 @@
- {
- const struct ieee80211_regdomain *regd;
-
-+ return 0;
-+
- wiphy->reg_notifier = reg_notifier;
- wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
- REGULATORY_CUSTOM_REG;
/*
** ===================================================================
-@@ -175,9 +180,9 @@
+@@ -200,9 +205,9 @@
#else /* }{ */
--- /dev/null
+Submitted By: Igor Živković <contact@igor-zivkovic.from.hr>
+Date: 2013-06-19
+Initial Package Version: 5.2.2
+Upstream Status: Rejected
+Origin: Arch Linux packages repository
+Description: Adds the compilation of a shared library.
+
+diff -Naur lua-5.3.0.orig/Makefile lua-5.3.0/Makefile
+--- lua-5.3.0.orig/Makefile 2014-10-30 00:14:41.000000000 +0100
++++ lua-5.3.0/Makefile 2015-01-19 22:14:09.822290828 +0100
+@@ -52,7 +52,7 @@
+ all: $(PLAT)
+
+ $(PLATS) clean:
+- cd src && $(MAKE) $@
++ cd src && $(MAKE) $@ V=$(V) R=$(R)
+
+ test: dummy
+ src/lua -v
+diff -Naur lua-5.3.0.orig/src/Makefile lua-5.3.0/src/Makefile
+--- lua-5.3.0.orig/src/Makefile 2015-01-05 17:04:52.000000000 +0100
++++ lua-5.3.0/src/Makefile 2015-01-19 22:14:52.559378543 +0100
+@@ -7,7 +7,7 @@
+ PLAT= none
+
+ CC= gcc -std=gnu99
+-CFLAGS= -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
++CFLAGS= -fPIC -O2 -Wall -Wextra -DLUA_COMPAT_5_2 $(SYSCFLAGS) $(MYCFLAGS)
+ LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
+ LIBS= -lm $(SYSLIBS) $(MYLIBS)
+
+@@ -29,6 +29,7 @@
+ PLATS= aix bsd c89 freebsd generic linux macosx mingw posix solaris
+
+ LUA_A= liblua.a
++LUA_SO= liblua.so
+ CORE_O= lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o \
+ lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o \
+ ltm.o lundump.o lvm.o lzio.o
+@@ -43,7 +44,7 @@
+ LUAC_O= luac.o
+
+ ALL_O= $(BASE_O) $(LUA_O) $(LUAC_O)
+-ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T)
++ALL_T= $(LUA_A) $(LUA_T) $(LUAC_T) $(LUA_SO)
+ ALL_A= $(LUA_A)
+
+ # Targets start here.
+@@ -59,6 +60,12 @@
+ $(AR) $@ $(BASE_O)
+ $(RANLIB) $@
+
++$(LUA_SO): $(CORE_O) $(LIB_O)
++ $(CC) -shared -ldl -Wl,-soname,$(LUA_SO).$(V) -o $@.$(R) $? -lm $(MYLDFLAGS)
++ ln -sf $(LUA_SO).$(R) $(LUA_SO).$(V)
++ ln -sf $(LUA_SO).$(R) $(LUA_SO)
++
++
+ $(LUA_T): $(LUA_O) $(LUA_A)
+ $(CC) -o $@ $(LDFLAGS) $(LUA_O) $(LUA_A) $(LIBS)
+
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/lang.pl";
+
+# Check if the red device is active.
+unless (-e "${General::swroot}/red/active") {
+ # Store notice in the syslog.
+ &IDS::_log_to_syslog("The system is offline.");
+
+ # Store error message for displaying in the WUI.
+ &IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");
+
+ # Exit.
+ exit 0;
+}
+
+# Check if enought free disk space is availabe.
+if(&IDS::checkdiskspace()) {
+ # Store the error message for displaying in the WUI.
+ &IDS::_store_error_message("$Lang::tr{'not enough disk space'}");
+
+ # Exit.
+ exit 0;
+}
+
+# Lock the IDS page.
+&IDS::lock_ids_page();
+
+# Call the download function and gather the new ruleset.
+if(&IDS::downloadruleset()) {
+ # Store error message for displaying in the WUI.
+ &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+
+ # Exit.
+ exit 0;
+}
+
+# Call oinkmaster to alter the ruleset.
+&IDS::oinkmaster();
+
+# Set correct ownership for the rulesdir and files.
+&IDS::set_ownership("$IDS::rulespath");
+
+# Unlock the IDS page.
+&IDS::unlock_ids_page();
+
+# Check if the IDS is running.
+if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
+}
+
+1;