From: Arne Fitzenreiter
Date: Tue, 7 Apr 2020 08:54:27 +0000 (+0000)
Subject: core143: add suricata http port changes
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e4013c9dabd55f399b57939a4ad9b5192aac8077;p=people%2Fms%2Fipfire-2.x.git
core143: add suricata http port changes
Signed-off-by: Arne Fitzenreiter
---
diff --git a/config/rootfiles/core/143/filelists/files b/config/rootfiles/core/143/filelists/files
index 816fffe9a2..e052d0e12c 100644
--- a/config/rootfiles/core/143/filelists/files
+++ b/config/rootfiles/core/143/filelists/files
@@ -11,8 +11,10 @@ srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/mail.cgi
 srv/web/ipfire/cgi-bin/netother.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/lib/firewall/rules.pl
+usr/sbin/convert-snort
 var/ipfire/backup/bin/backup.pl
 var/ipfire/backup/include
 var/ipfire/ids-functions.pl
diff --git a/config/rootfiles/core/143/update.sh b/config/rootfiles/core/143/update.sh
index cb07bbb59c..9cd426447a 100644
--- a/config/rootfiles/core/143/update.sh
+++ b/config/rootfiles/core/143/update.sh
@@ -75,6 +75,11 @@ telinit u
 # Apply local configuration to sshd_config
 /usr/local/bin/sshctrl
+# Generate new http ports file for suricata
+perl -e "require '/var/ipfire/ids-functions.pl'; \
+ &IDS::generate_http_ports_file(); \
+ &IDS::set_ownership(\"\$IDS::http_ports_file\"); "
+
 # Start services
 /usr/local/bin/ipsecctrl S
 /etc/init.d/unbound restart
@@ -100,8 +105,6 @@ done
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup
-# Start services
-
 # This update needs a reboot...
 #touch /var/run/need_reboot
diff --git a/config/suricata/suricata-generate-http-ports-file b/config/suricata/suricata-generate-http-ports-file
deleted file mode 100644
index f0d6bb823a..0000000000
--- a/config/suricata/suricata-generate-http-ports-file
+++ /dev/null
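Review bot: The inline `perl -e` added in the update.sh hunk at `@@ -75,6 +75,11 @@` regenerates the HTTP ports file but keeps neither safeguard of the helper script this commit deletes: the `exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);` guard and the `&IDS::call_suricatactrl("restart")` issued when `&IDS::ids_is_running()` is true. Unless update.sh restarts suricata somewhere outside this hunk, a running IDS presumably keeps inspecting HTTP on the previous port set until its next restart, so the regenerated list does not take effect with the update. I would carry both statements into the one-liner and wrap it in single quotes, so that `$IDS::http_ports_file` no longer needs the `\"\$` escaping. The command's exit status is also unchecked, so a failing `require` would pass silently during the update; logging a non-zero exit would make a missing ports file visible.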
@@ -1,47 +0,0 @@
-#!/usr/bin/perl
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2012 IPFire Development Team #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-use strict;
-
-require '/var/ipfire/general-functions.pl';
-require "${General::swroot}/ids-functions.pl";
-
-exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);
-
-#
-## Step 1: Generate and write the HTTP ports file.
-#
-
-# Call subfunction to generate the HTTP ports file.
-&IDS::generate_http_ports_file();
-
-# Set correct ownership.
-&IDS::set_ownership("$IDS::http_ports_file");
-
-#
-## Step 2: Restart suricata if necessary.
-#
-
-# Check if the IDS should be started.
-if(&IDS::ids_is_running()) {
- # Call suricatactrl and reload the rules.
- &IDS::call_suricatactrl("restart");
-}