Stefan Schantl [Thu, 18 Feb 2016 17:17:24 +0000 (18:17 +0100)]
perl-Net-IP: New package
The perl-Net-IP module provides various methods for validating
and calculating IP-addresses (both IP protocols supported) and
is a runtime dependency of guardian 2.0.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 27 Jun 2016 10:52:39 +0000 (12:52 +0200)]
guardian.cgi: Show/Hide options using Java Script.
The options for configuring the log file location and
snort alert priority level now dynamically will be
displayed or hidden if the desired options or feature
is not used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 21 Jun 2016 08:05:01 +0000 (10:05 +0200)]
guardian.cgi: Use new feature of ignore file inclusion.
Add support and usage of the recently introduced feature of
including other files in the ignore file to add
the red related IP-addresses to the ignore list on IPFire
systems.
Also use reload-ignore-list feature instead of reloading the
whole configuration on ignore list modifications.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 29 Apr 2016 08:55:32 +0000 (10:55 +0200)]
guardian.cgi: Add function to generate the guardian.ignore file.
This function is responsible for collecting all required data,
like the green, blue, orange (if the interfaces are available),
red, gateway and used DNS server IP-addresses.
It will add als these addresses and the configured and enabled
user-defined ignored addresses/networks to the ignore file of
guardian to prevent from blocking any of them.
Note:
The IPFire and RED inteface related addresses also will be added
to the ignore file, even if there is no user-defined entry in the
list.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 24 Feb 2016 08:19:39 +0000 (09:19 +0100)]
guardian.cgi: Rename hash keys for enabled modules.
Rename the hash key names of enabled parser modules,
(services which should be monitored by guardian) to
keep the same name sheme than in the guardian config
file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Change case of the unit "bit" from "Bit" to "bit" in web UI
The correct case for "kilobit" is "kilobit", not "kiloBit".
And the same applies for Mbit, Gbit etc.
Reference is https://en.wikipedia.org/wiki/Kilobit
This commit changes the texts used in the web UI, so
that it correctly displays as "bit", "kbit", "Mbit" etc.
This fixes bugzilla item 10918.
Signed-off-by: Alf Høgemark <alf@i100.no> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch update qemu to version 2.6
For changelogs see:
http://wiki.qemu.org/ChangeLog/2.5
http://wiki.qemu.org/ChangeLog/2.6
Qemu try to built with bluez, but before version 2.6 bluez was not used
by qemu on IPFire, so I think it is better to disable bluez because
nobody needs it before version 2.6 and our bluez is not the latest
version so I think this will cause more problems than benefits.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is an security update.
Recent were 2 serious security vulnerabilities published.
This patch update spice to a version which is not vulnerable.
Changelog:
Changes in 0.12.8:
==================
* Fixes for CVE-2016-0749 and CVE-2016-2150
Changes in 0.12.7:
==================
* spice-server will now send TCP keepalive probes on the TCP connections
it
uses. This can prevent unwanted idle disconnections if proxies are
used
between the client and the host.
* Fix important memory usage when the webdav channel is used
* Do not disconnect when the client requests an unsupported compression
type
* Fix a few race conditions
* Fix display glitch when using XSpice
* Improve help string for 'replay -s'
* Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE
port
configured, USB webcam redirection over a slow link)
* Fix various compilation warning when building on 32 bit machines
* Some fixes for big-endian machines, more work is likely to be needed
* Do not build static libraries by default, this can be reenabled with
--enable-static
* Fix small leak in MJPEG code
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The libvirt daemon was not started after installation because the
initscritp is named 'libvirtd' not like the package 'libvirt'.
The same problem appear in the uninstall.sh. The service was not
stopped.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 17 Jun 2016 11:06:40 +0000 (13:06 +0200)]
Qemu: add a group kvm to access /dev/kvm eaiser
As a normal user, it is not possible to use qemu with KVM. This is bad
because it is better when it is possible to start the machine with a
less privileged user. To achieve this a group KVM is created and the
access to /dev/kvm is allowed for this group. So every user in this
group can use qemu with KVM.
This change is also useful for libvirt because the VMs can be started
with user nobody and group kvm.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 10 Jun 2016 08:13:41 +0000 (10:13 +0200)]
Fix in pakfire functions.sh
The if statement in line 89 and 99 are useless with the -e
conditional expression because it returns true if the path ist a
regular file or a directory.
So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true,
but the statement should return only true if we have a regular file.
So -f if the right conditional expression, and we only try to execute
the init script if the path "/etc/init.d/${1}" points to a regular file.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 10 Jun 2016 08:57:13 +0000 (10:57 +0200)]
Change the default libvirt remote user to libvirt-remote
It is possible to communicate per ssh via a socket with libvirt. It is
not a good idea to do this as root, so the remote user is now
libvirt-remote. Only this user or users in the group libvirt-remote can
communicate with the socket.
The user libvirt-remote is created without a password. The users have to
set a password for this user after installation.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>