sub _get_dl_rulesfile($) {
my ($provider) = @_;
- # Check if the requested provider is known.
- if ($IDS::Ruleset::Providers{$provider}) {
- # Gather the download type for the given provider.
- my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+ # Abort if the requested provider is not known.
+ return unless($IDS::Ruleset::Providers{$provider});
+ # Try to gather the download type for the given provider.
+ my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Check if a download type could be grabbed.
+ if ($dl_type) {
# Obtain the file suffix for the download file type.
my $suffix = $dl_type_to_suffix{$dl_type};
lib/firmware/nvidia/tegra210/vic.bin
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/index.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/update-ids-ruleset
var/ipfire/backup/bin/backup.pl
+var/ipfire/ids-functions.pl
var/ipfire/main/manualpages
var/ipfire/ovpn/openssl/ovpn.cnf
--- /dev/null
+../../../common/ids-ruleset-sources
\ No newline at end of file
# Set correct ownership
chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+# Check if the drop hostile in and out logging options need to be added
+# into the optionsfw settings file and apply to firewall
+if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
+ ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
+ sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
+ sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
+ /usr/local/bin/firewallctrl
+fi
+
# Rebuild initial ramdisks
dracut --regenerate-all --force
KVER="xxxKVERxxx"
dl_type => "plain",
},
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ },
+
# ThreatFox
threatfox => {
summary => "ThreatFox Indicators Of Compromise Rules",
my $subscription_code = $used_providers{$id}[1];
my $autoupdate_status = $used_providers{$id}[2];
my $status = $used_providers{$id}[3];
+ my $unsupported;
# Check if the item number is even or not.
if ($line % 2) {
}
# Handle providers which are not longer supported.
- unless ($provider_name) {
- # Set the provider name to the provider handle
- # to display something helpful.
- $provider_name = $provider;
-
- # Assign background color
- $col="bgcolor='#FF4D4D'";
+ unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
+ # Mark this provider as unsupported.
+ $unsupported = "<img src='/blob.gif' alt='*'>";
}
# Choose icons for the checkboxes.
print <<END;
<tr>
- <td width='33%' class='base' $col>$provider_name</td>
+ <td width='33%' class='base' $col>$provider_name$unsupported</td>
<td width='30%' class='base' $col>$rulesetdate</td>
<td align='center' $col>
<hr>
<br>
- <div align='right'>
- <table width='100%'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <tr>
+ <table width='100%'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+ <td>
+END
+ print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+ </td>
+ <td><div align='right'>
END
# Only show this button if a ruleset provider is configured.
}
print <<END;
<input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
- </tr>
- </form>
- </table>
- </div>
+ </div></td>
+ </tr>
+ </form>
+ </table>
END
&Header::closebox();
# Grab the provider handle.
my $provider = $tmphash{$provider_name};
+ # Check if we are not in edit mode.
+ if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") {
+ # Skip unsupported ruleset provider.
+ next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"}));
+ }
+
# Pre-select the provider if one is given.
if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) {
$selected{$provider} = "selected='selected'";
}
# Disable the manual update button if the provider is not longer supported.
- unless ($IDS::Ruleset::Providers{$provider}) {
+ unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
$disabled_update = "disabled";
}
'ids show' => 'Anzeigen',
'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
'ids visit provider website' => 'Anbieter-Webseite besuchen',
'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
'ids subscription code required' => 'The selected ruleset requires a subscription code',
'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
'ids visit provider website' => 'Visit provider website',
'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
'iface' => 'Iface',
my $autoupdate_status = $providers{$id}[3];
# Skip unsupported providers.
- next unless($IDS::Ruleset::Providers{$provider});
+ next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
# Skip the provider if it is not enabled.
next unless($enabled_status eq "enabled");