rm -rf "/var/ipfire/snort"
fi
+ # IDS multiple providers converter.
+ if [ -e "/var/ipfire/suricata/rules-settings" ]; then
+ # Run the converter
+ convert-ids-multiple-providers
+ fi
+
# Convert DNS settings
convert-dns-settings
/var/ipfire/qos/bin/qos.sh
/var/ipfire/suricata/*.conf
/var/ipfire/suricata/*.yaml
-/var/ipfire/suricata/rules-settings
+/var/ipfire/suricata/providers-settings
/var/ipfire/*/settings
/var/ipfire/time/
/var/ipfire/urlfilter
/var/log/rrd/*
/var/log/rrd/collectd
/var/log/vnstat
-/var/tmp/idsrules.tar.gz
+/var/tmp/idsrules-*.tar.gz
+/var/tmp/idsrules-*.rules
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2005-2010 IPFire Team #
+# Copyright (C) 2005-2021 IPFire Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
sub makegraphbox {
my ($origin, $name, $default_range) = @_;
-
+
# Optional time range: Default to "day" unless otherwise specified
$default_range = "day" unless ($default_range ~~ @time_ranges);
"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j"
);
-
+
my $nice = "CDEF:nice=";
my $interrupt = "CDEF:interrupt=";
my $steal = "CDEF:steal=";
my $iowait = "CDEF:iowait=";
my $irq = "CDEF:irq=";
my $addstring = "";
-
+
for(my $i = 0; $i < $cpucount; $i++) {
push(@command,"DEF:iowait".$i."=".$mainsettings{'RRDLOG'}."/collectd/localhost/cpu-".$i."/cpu-wait.rrd:value:AVERAGE"
,"DEF:nice".$i."=".$mainsettings{'RRDLOG'}."/collectd/localhost/cpu-".$i."/cpu-nice.rrd:value:AVERAGE"
$iowait .= "iowait".$i.",";
$irq .= "irq".$i.",";
}
-
+
for(my $i = 2; $i < $cpucount; $i++) {
$addstring .= "ADDNAN,";
}
"DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
"DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
"DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+ "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+ "DEF:hostile=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
"COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
"GPRINT:portscan:AVERAGE:%8.1lf %sBps",
"GPRINT:portscan:MIN:%8.1lf %sBps",
"GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+ "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+ "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+ "STACK:hostile".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks'}),
+ "GPRINT:hostile:MAX:%8.1lf %sBps",
+ "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostile:MIN:%8.1lf %sBps",
+ "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
);
$ERROR = RRDs::error;
return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR;
# #
############################################################################
+use strict;
+
package IDS;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/network-functions.pl";
+require "${General::swroot}/suricata/ruleset-sources";
# Location where all config and settings files are stored.
our $settingsdir = "${General::swroot}/suricata";
-# File where the used rulefiles are stored.
-our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
+# File where the main file for providers ruleset inclusion exists.
+our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml";
+
+# File for static ruleset inclusions.
+our $suricata_default_rulefiles_file = "$settingsdir/suricata-default-rules.yaml";
# File where the addresses of the homenet are stored.
our $homenet_file = "$settingsdir/suricata-homenet.yaml";
# File where the HTTP ports definition is stored.
our $http_ports_file = "$settingsdir/suricata-http-ports.yaml";
-# File which contains the enabled sids.
-our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf";
-
-# File which contains the disabled sids.
-our $disabled_sids_file = "$settingsdir/oinkmaster-disabled-sids.conf";
+# File which contains includes for provider specific rule modifications.
+our $oinkmaster_provider_includes_file = "$settingsdir/oinkmaster-provider-includes.conf";
# File which contains wheater the rules should be changed.
our $modify_sids_file = "$settingsdir/oinkmaster-modify-sids.conf";
# File which stores the configured IPS settings.
our $ids_settings_file = "$settingsdir/settings";
-# File which stores the configured rules-settings.
-our $rules_settings_file = "$settingsdir/rules-settings";
+# File which stores the used and configured ruleset providers.
+our $providers_settings_file = "$settingsdir/providers-settings";
# File which stores the configured settings for whitelisted addresses.
our $ignored_file = "$settingsdir/ignored";
-# Location and name of the tarball which contains the ruleset.
-our $rulestarball = "/var/tmp/idsrules.tar.gz";
+# Location where the downloaded rulesets are stored.
+our $dl_rules_path = "/var/tmp";
# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";
# Location where the rulefiles are stored.
our $rulespath = "/var/lib/suricata";
+# Location where the default rulefils are stored.
+our $default_rulespath = "/usr/share/suricata/rules";
+
+# Location where the addition config files are stored.
+our $configspath = "/usr/share/suricata";
+
+# Location of the classification file.
+our $classification_file = "$configspath/classification.config";
+
+# Location of the sid to msg mappings file.
+our $sid_msg_file = "$rulespath/sid-msg.map";
+
# Location to store local rules. This file will not be touched.
our $local_rules_file = "$rulespath/local.rules";
# Location of suricatactrl.
my $suricatactrl = "/usr/local/bin/suricatactrl";
+# Prefix for each downloaded ruleset.
+my $dl_rulesfile_prefix = "idsrules";
+
+# Temporary directory where the rulesets will be extracted.
+my $tmp_directory = "/tmp/ids_tmp";
+
+# Temporary directory where the extracted rules files will be stored.
+my $tmp_rules_directory = "$tmp_directory/rules";
+
+# Temporary directory where the extracted additional config files will be stored.
+my $tmp_conf_directory = "$tmp_directory/conf";
+
# Array with allowed commands of suricatactrl.
my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
# http_ports_file.
my @http_ports = ('80', '81');
+# Array which contains a list of rulefiles which always will be included if they exist.
+my @static_included_rulefiles = ('local.rules', 'whitelist.rules');
+
+# Array which contains a list of allways enabled application layer protocols.
+my @static_enabled_app_layer_protos = ('app-layer', 'decoder', 'files', 'stream');
+
+# Hash which allows to convert the download type (dl_type) to a file suffix.
+my %dl_type_to_suffix = (
+ "archive" => ".tar.gz",
+ "plain" => ".rules",
+);
+
+# Hash to translate an application layer protocol to the application name.
+my %tr_app_layer_proto = (
+ "ikev2" => "ipsec",
+ "krb5" => "kerberos",
+);
+
#
## Function to check and create all IDS related files, if the does not exist.
#
sub check_and_create_filelayout() {
# Check if the files exist and if not, create them.
- unless (-f "$enabled_sids_file") { &create_empty_file($enabled_sids_file); }
- unless (-f "$disabled_sids_file") { &create_empty_file($disabled_sids_file); }
+ unless (-f "$oinkmaster_provider_includes_file") { &create_empty_file($oinkmaster_provider_includes_file); }
unless (-f "$modify_sids_file") { &create_empty_file($modify_sids_file); }
- unless (-f "$used_rulefiles_file") { &create_empty_file($used_rulefiles_file); }
+ unless (-f "$suricata_used_providers_file") { &create_empty_file($suricata_used_providers_file); }
+ unless (-f "$suricata_default_rulefiles_file") { &create_empty_file($suricata_default_rulefiles_file); }
unless (-f "$ids_settings_file") { &create_empty_file($ids_settings_file); }
- unless (-f "$rules_settings_file") { &create_empty_file($rules_settings_file); }
+ unless (-f "$providers_settings_file") { &create_empty_file($providers_settings_file); }
unless (-f "$ignored_file") { &create_empty_file($ignored_file); }
unless (-f "$whitelist_file" ) { &create_empty_file($whitelist_file); }
}
+#
+## Function to get a list of all available ruleset providers.
+##
+## They will be returned as a sorted array.
+#
+sub get_ruleset_providers() {
+ my @providers;
+
+ # Loop through the hash of providers.
+ foreach my $provider ( keys %IDS::Ruleset::Providers ) {
+ # Add the provider to the array.
+ push(@providers, $provider);
+ }
+
+ # Sort and return the array.
+ return sort(@providers);
+}
+
+#
+## Function to get a list of all enabled ruleset providers.
+##
+## They will be returned as an array.
+#
+sub get_enabled_providers () {
+ my %used_providers = ();
+
+ # Array to store the enabled providers.
+ my @enabled_providers = ();
+
+ # Read-in the providers config file.
+ &General::readhasharray("$providers_settings_file", \%used_providers);
+
+ # Loop through the hash of used_providers.
+ foreach my $id (keys %used_providers) {
+ # Skip disabled providers.
+ next unless ($used_providers{$id}[3] eq "enabled");
+
+ # Grab the provider handle.
+ my $provider = "$used_providers{$id}[0]";
+
+ # Add the provider to the array of enabled providers.
+ push(@enabled_providers, $provider);
+ }
+
+ # Return the array.
+ return @enabled_providers;
+}
+
#
## Function for checking if at least 300MB of free disk space are available
## on the "/var" partition.
}
#
-## This function is responsible for downloading the configured IDS ruleset.
+## This function is responsible for downloading the configured IDS rulesets or if no one is specified
+## all configured rulesets will be downloaded.
##
-## * At first it obtains from the stored rules settings which ruleset should be downloaded.
-## * The next step is to get the download locations for all available rulesets.
-## * After that, the function will check if an upstream proxy should be used and grab the settings.
-## * The last step will be to generate the final download url, by obtaining the URL for the desired
-## ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
+## * At first it gathers all configured ruleset providers, initialize the downloader and sets an
+## upstream proxy if configured.
+## * After that, the given ruleset or in case all rulesets should be downloaded, it will determine wether it
+## is enabled or not.
+## * The next step will be to generate the final download url, by obtaining the URL for the desired
+## ruleset, add the settings for the upstream proxy.
+## * Finally the function will grab all the rules files or tarballs from the servers.
#
-sub downloadruleset {
- # Get rules settings.
- my %rulessettings=();
- &General::readhash("$rules_settings_file", \%rulessettings);
+sub downloadruleset ($) {
+ my ($provider) = @_;
+
+ # If no provider is given default to "all".
+ $provider //= 'all';
+
+ # Hash to store the providers and access id's, for which rules should be downloaded.
+ my %sheduled_providers = ();
+
+ # Get used provider settings.
+ my %used_providers = ();
+ &General::readhasharray("$providers_settings_file", \%used_providers);
# Check if a ruleset has been configured.
- unless($rulessettings{'RULES'}) {
+ unless(%used_providers) {
# Log that no ruleset has been configured and abort.
- &_log_to_syslog("No ruleset source has been configured.");
+ &_log_to_syslog("No ruleset provider has been configured.");
# Return "1".
return 1;
}
- # Get all available ruleset locations.
- my %rulesetsources=();
- &General::readhash($rulesetsourcesfile, \%rulesetsources);
-
# Read proxysettings.
my %proxysettings=();
&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
$downloader->proxy(['http', 'https'], $proxy_url);
}
- # Grab the right url based on the configured vendor.
- my $url = $rulesetsources{$rulessettings{'RULES'}};
+ # Loop through the hash of configured providers.
+ foreach my $id ( keys %used_providers ) {
+ # Skip providers which are not enabled.
+ next if ($used_providers{$id}[3] ne "enabled");
- # Check if the vendor requires an oinkcode and add it if needed.
- $url =~ s/\<oinkcode\>/$rulessettings{'OINKCODE'}/g;
+ # Obtain the provider handle.
+ my $provider_handle = $used_providers{$id}[0];
- # Abort if no url could be determined for the vendor.
- unless ($url) {
- # Log error and abort.
- &_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
- return 1;
+ # Handle update off all providers.
+ if (($provider eq "all") || ($provider_handle eq "$provider")) {
+ # Add provider handle and it's id to the hash of sheduled providers.
+ $sheduled_providers{$provider_handle} = $id;
+ }
}
- # Variable to store the filesize of the remote object.
- my $remote_filesize;
+ # Loop through the hash of sheduled providers.
+ foreach my $provider ( keys %sheduled_providers) {
+ # Log download/update of the ruleset.
+ &_log_to_syslog("Downloading ruleset for provider: $provider.");
- # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
- # for this webserver.
- #
- # Check if the ruleset source contains "snort.org".
- unless ($url =~ /\.snort\.org/) {
- # Pass the requrested url to the downloader.
- my $request = HTTP::Request->new(HEAD => $url);
+ # Grab the download url for the provider.
+ my $url = $IDS::Ruleset::Providers{$provider}{'dl_url'};
+
+ # Check if the provider requires a subscription.
+ if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") {
+ # Grab the previously stored access id for the provider from hash.
+ my $id = $sheduled_providers{$provider};
- # Accept the html header.
- $request->header('Accept' => 'text/html');
+ # Grab the subscription code.
+ my $subscription_code = $used_providers{$id}[1];
- # Perform the request and fetch the html header.
- my $response = $downloader->request($request);
+ # Add the subscription code to the download url.
+ $url =~ s/\<subscription_code\>/$subscription_code/g;
+
+ }
+
+ # Abort if no url could be determined for the provider.
+ unless ($url) {
+ # Log error and abort.
+ &_log_to_syslog("Unable to gather a download URL for the selected ruleset provider.");
+ return 1;
+ }
+
+ # Variable to store the filesize of the remote object.
+ my $remote_filesize;
+
+ # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
+ # for this webserver.
+ #
+ # Check if the ruleset source contains "snort.org".
+ unless ($url =~ /\.snort\.org/) {
+ # Pass the requrested url to the downloader.
+ my $request = HTTP::Request->new(HEAD => $url);
+
+ # Accept the html header.
+ $request->header('Accept' => 'text/html');
+
+ # Perform the request and fetch the html header.
+ my $response = $downloader->request($request);
+
+ # Check if there was any error.
+ unless ($response->is_success) {
+ # Obtain error.
+ my $error = $response->status_line();
+
+ # Log error message.
+ &_log_to_syslog("Unable to download the ruleset. \($error\)");
+
+ # Return "1" - false.
+ return 1;
+ }
+
+ # Assign the fetched header object.
+ my $header = $response->headers();
+
+ # Grab the remote file size from the object and store it in the
+ # variable.
+ $remote_filesize = $header->content_length;
+ }
+
+ # Load perl module to deal with temporary files.
+ use File::Temp;
+
+ # Generate temporary file name, located in "/var/tmp" and with a suffix of ".tmp".
+ my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "/var/tmp/", UNLINK => 0 );
+ my $tmpfile = $tmp->filename();
+
+ # Pass the requested url to the downloader.
+ my $request = HTTP::Request->new(GET => $url);
+
+ # Perform the request and save the output into the tmpfile.
+ my $response = $downloader->request($request, $tmpfile);
# Check if there was any error.
unless ($response->is_success) {
# Obtain error.
- my $error = $response->status_line();
+ my $error = $response->content;
# Log error message.
&_log_to_syslog("Unable to download the ruleset. \($error\)");
return 1;
}
- # Assign the fetched header object.
- my $header = $response->headers();
-
- # Grab the remote file size from the object and store it in the
- # variable.
- $remote_filesize = $header->content_length;
- }
+ # Load perl stat module.
+ use File::stat;
- # Load perl module to deal with temporary files.
- use File::Temp;
+ # Perform stat on the tmpfile.
+ my $stat = stat($tmpfile);
- # Generate temporary file name, located in "/var/tmp" and with a suffix of ".tar.gz".
- my $tmp = File::Temp->new( SUFFIX => ".tar.gz", DIR => "/var/tmp/", UNLINK => 0 );
- my $tmpfile = $tmp->filename();
+ # Grab the local filesize of the downloaded tarball.
+ my $local_filesize = $stat->size;
- # Pass the requested url to the downloader.
- my $request = HTTP::Request->new(GET => $url);
+ # Check if both file sizes match.
+ if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
+ # Log error message.
+ &_log_to_syslog("Unable to completely download the ruleset. ");
+ &_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
- # Perform the request and save the output into the tmpfile.
- my $response = $downloader->request($request, $tmpfile);
+ # Delete temporary file.
+ unlink("$tmpfile");
- # Check if there was any error.
- unless ($response->is_success) {
- # Obtain error.
- my $error = $response->content;
+ # Return "1" - false.
+ return 1;
+ }
- # Log error message.
- &_log_to_syslog("Unable to download the ruleset. \($error\)");
+ # Genarate and assign file name and path to store the downloaded rules file.
+ my $dl_rulesfile = &_get_dl_rulesfile($provider);
- # Return "1" - false.
- return 1;
- }
+ # Check if a file name could be obtained.
+ unless ($dl_rulesfile) {
+ # Log error message.
+ &_log_to_syslog("Unable to store the downloaded rules file. ");
- # Load perl stat module.
- use File::stat;
+ # Delete downloaded temporary file.
+ unlink("$tmpfile");
- # Perform stat on the tmpfile.
- my $stat = stat($tmpfile);
+ # Return "1" - false.
+ return 1;
+ }
- # Grab the local filesize of the downloaded tarball.
- my $local_filesize = $stat->size;
+ # Load file copy module, which contains the move() function.
+ use File::Copy;
- # Check if both file sizes match.
- if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
- # Log error message.
- &_log_to_syslog("Unable to completely download the ruleset. ");
- &_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
+ # Overwrite the may existing rulefile or tarball with the downloaded one.
+ move("$tmpfile", "$dl_rulesfile");
# Delete temporary file.
unlink("$tmpfile");
- # Return "1" - false.
- return 1;
+ # Set correct ownership for the tarball.
+ set_ownership("$dl_rulesfile");
}
- # Load file copy module, which contains the move() function.
+ # If we got here, everything worked fine. Return nothing.
+ return;
+}
+
+#
+## Function to extract a given ruleset.
+##
+## In case the ruleset provider offers a plain file, it simply will
+## be copied.
+#
+sub extractruleset ($) {
+ my ($provider) = @_;
+
+ # Load perl module to deal with archives.
+ use Archive::Tar;
+
+ # Load perl module to deal with files and path.
+ use File::Basename;
+
+ # Load perl module for file copying.
use File::Copy;
- # Overwrite existing rules tarball with the new downloaded one.
- move("$tmpfile", "$rulestarball");
+ # Get full path and downloaded rulesfile for the given provider.
+ my $tarball = &_get_dl_rulesfile($provider);
- # Set correct ownership for the rulesdir and files.
- set_ownership("$rulestarball");
+ # Check if the file exists.
+ unless (-f $tarball) {
+ &_log_to_syslog("Could not find ruleset file: $tarball");
- # If we got here, everything worked fine. Return nothing.
- return;
+ # Return nothing.
+ return;
+ }
+
+ # Check if the temporary directories exist, otherwise create them.
+ mkdir("$tmp_directory") unless (-d "$tmp_directory");
+ mkdir("$tmp_rules_directory") unless (-d "$tmp_rules_directory");
+ mkdir("$tmp_conf_directory") unless (-d "$tmp_conf_directory");
+
+ # Omit the type (dl_type) of the stored ruleset.
+ my $type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Handle the different ruleset types.
+ if ($type eq "plain") {
+ # Generate destination filename an full path.
+ my $destination = "$tmp_rules_directory/$provider\-ruleset.rules";
+
+ # Copy the file into the temporary rules directory.
+ copy($tarball, $destination);
+
+ } elsif ( $type eq "archive") {
+ # Initialize the tar module.
+ my $tar = Archive::Tar->new($tarball);
+
+ # Get the filelist inside the tarball.
+ my @packed_files = $tar->list_files;
+
+ # Loop through the filelist.
+ foreach my $packed_file (@packed_files) {
+ my $destination;
+
+ # Splitt the packed file into chunks.
+ my $file = fileparse($packed_file);
+
+ # Handle msg-id.map file.
+ if ("$file" eq "sid-msg.map") {
+ # Set extract destination to temporary config_dir.
+ $destination = "$tmp_conf_directory/$provider\-sid-msg.map";
+
+ # Handle classification.conf
+ } elsif ("$file" eq "classification.config") {
+ # Set extract destination to temporary config_dir.
+ $destination = "$tmp_conf_directory/$provider\-classification.config";
+
+ # Handle rules files.
+ } elsif ($file =~ m/\.rules$/) {
+ my $rulesfilename;
+
+ # Splitt the filename into chunks.
+ my @filename = split("-", $file);
+
+ # Reverse the array.
+ @filename = reverse(@filename);
+
+ # Get the amount of elements in the array.
+ my $elements = @filename;
+
+ # Remove last element of the hash.
+ # It contains the vendor name, which will be replaced.
+ if ($elements >= 3) {
+ # Remove last element from hash.
+ pop(@filename);
+ }
+
+ # Check if the last element of the filename does not
+ # contain the providers name.
+ if ($filename[-1] ne "$provider") {
+ # Add provider name as last element.
+ push(@filename, $provider);
+ }
+
+ # Reverse the array back.
+ @filename = reverse(@filename);
+
+ # Generate the name for the rulesfile.
+ $rulesfilename = join("-", @filename);
+
+ # Set extract destination to temporaray rules_dir.
+ $destination = "$tmp_rules_directory/$rulesfilename";
+ } else {
+ # Skip all other files.
+ next;
+ }
+
+ # Extract the file to the temporary directory.
+ $tar->extract_file("$packed_file", "$destination");
+ }
+ }
}
#
-## A tiny wrapper function to call the oinkmaster script.
+## A wrapper function to call the oinkmaster script, setup the rules structues and
+## call the functions to merge the additional config files. (classification, sid-msg, etc.).
#
sub oinkmaster () {
# Check if the files in rulesdir have the correct permissions.
&_check_rulesdir_permissions();
- # Cleanup the rules directory before filling it with the new rulest.
+ # Cleanup the rules directory before filling it with the new rulests.
&_cleanup_rulesdir();
+ # Get all enabled providers.
+ my @enabled_providers = &get_enabled_providers();
+
+ # Loop through the array of enabled providers.
+ foreach my $provider (@enabled_providers) {
+ # Call the extractruleset function.
+ &extractruleset($provider);
+ }
+
# Load perl module to talk to the kernel syslog.
use Sys::Syslog qw(:DEFAULT setlogsock);
openlog('oinkmaster', 'cons,pid', 'user');
# Call oinkmaster to generate ruleset.
- open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u dir://$tmp_rules_directory -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
# Log output of oinkmaster to syslog.
while(<OINKMASTER>) {
# Close the log handle.
closelog();
+
+ # Call function to merge the classification files.
+ &merge_classifications(@enabled_providers);
+
+ # Call function to merge the sid to message mapping files.
+ &merge_sid_msg(@enabled_providers);
+
+ # Cleanup temporary directory.
+ &cleanup_tmp_directory();
+}
+
+#
+## Function to merge the classifications for a given amount of providers and write them
+## to the classifications file.
+#
+sub merge_classifications(@) {
+ my @providers = @_;
+
+ # Hash to store all collected classifications.
+ my %classifications = ();
+
+ # Loop through the given array of providers.
+ foreach my $provider (@providers) {
+ # Generate full path to classification file.
+ my $classification_file = "$tmp_conf_directory/$provider\-classification.config";
+
+ # Skip provider if no classification file exists.
+ next unless (-f "$classification_file");
+
+ # Open the classification file.
+ open(CLASSIFICATION, $classification_file) or die "Could not open file $classification_file. $!\n";
+
+ # Loop through the file content.
+ while(<CLASSIFICATION>) {
+ # Parse the file and grab the classification details.
+ if ($_ =~/.*config classification\: (.*)/) {
+ # Split the grabbed details.
+ my ($short_name, $short_desc, $priority) = split("\,", $1);
+
+ # Check if the grabbed classification is allready known and the priority value is greater
+ # than the stored one (which causes less priority in the IDS).
+ if (($classifications{$short_name}) && ($classifications{$short_name}[1] >= $priority)) {
+ #Change the priority value to the stricter one.
+ $classifications{$short_name} = [ "$classifications{$short_name}[0]", "$priority" ];
+ } else {
+ # Add the classification to the hash.
+ $classifications{$short_name} = [ "$short_desc", "$priority" ];
+ }
+ }
+ }
+
+ # Close the file.
+ close(CLASSIFICATION);
+ }
+
+ # Open classification file for writing.
+ open(FILE, ">", "$classification_file") or die "Could not write to $classification_file. $!\n";
+
+ # Print notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
+
+ # Sort and loop through the hash of classifications.
+ foreach my $key (sort keys %classifications) {
+ # Assign some nice variable names for the items.
+ my $short_name = $key;
+ my $short_desc = $classifications{$key}[0];
+ my $priority = $classifications{$key}[1];
+
+ # Write the classification to the file.
+ print FILE "config classification: $short_name,$short_desc,$priority\n";
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
+#
+## Function to merge the "sid to message mapping" files of various given providers.
+#
+sub merge_sid_msg (@) {
+ my @providers = @_;
+
+ # Hash which contains all the sid to message mappings.
+ my %mappings = ();
+
+ # Loop through the array of given providers.
+ foreach my $provider (@providers) {
+ # Generate full path and filename.
+ my $sid_msg_file = "$tmp_conf_directory/$provider\-sid-msg.map";
+
+ # Skip provider if no sid to msg mapping file for this provider exists.
+ next unless (-f $sid_msg_file);
+
+ # Open the file.
+ open(MAPPING, $sid_msg_file) or die "Could not open $sid_msg_file. $!\n";
+
+ # Loop through the file content.
+ while (<MAPPING>) {
+ # Remove newlines.
+ chomp($_);
+
+ # Skip lines which do not start with a number,
+ next unless ($_ =~ /^\d+/);
+
+ # Split line content and assign it to an array.
+ my @line = split(/ \|\| /, $_);
+
+ # Grab the first element (and remove it) from the line array.
+ # It contains the sid.
+ my $sid = shift(@line);
+
+ # Store the grabbed sid and the remain array as hash value.
+ # It still contains the messages, references etc.
+ $mappings{$sid} = [@line];
+ }
+
+ # Close file handle.
+ close(MAPPING);
+ }
+
+ # Open mappings file for writing.
+ open(FILE, ">", $sid_msg_file) or die "Could not write $sid_msg_file. $!\n";
+
+ # Write notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
+
+ # Loop through the hash of mappings.
+ foreach my $sid ( sort keys %mappings) {
+ # Grab data for the sid.
+ my @data = @{$mappings{$sid}};
+
+ # Add the sid to the data array.
+ unshift(@data, $sid);
+
+ # Generate line.
+ my $line = join(" \|\| ", @data);
+
+ print FILE "$line\n";
+
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
+#
+## A very tiny function to move an extracted ruleset from the temporary directory into
+## the rules directory.
+#
+sub move_tmp_ruleset() {
+ # Load perl module.
+ use File::Copy;
+
+ # Do a directory listing of the temporary directory.
+ opendir DH, $tmp_rules_directory;
+
+ # Loop over all files.
+ while(my $file = readdir DH) {
+ # Move them to the rules directory.
+ move "$tmp_rules_directory/$file" , "$rulespath/$file";
+ }
+
+ # Close directory handle.
+ closedir DH;
+}
+
+#
+## Function to cleanup the temporary IDS directroy.
+#
+sub cleanup_tmp_directory () {
+ # Load rmtree() function from file path perl module.
+ use File::Path 'rmtree';
+
+ # Delete temporary directory and all containing files.
+ rmtree([ "$tmp_directory" ]);
}
#
&set_ownership("$storederrorfile");
}
+#
+## Private function to get the path and filename for a downloaded ruleset by a given provider.
+#
+sub _get_dl_rulesfile($) {
+ my ($provider) = @_;
+
+ # Gather the download type for the given provider.
+ my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Obtain the file suffix for the download file type.
+ my $suffix = $dl_type_to_suffix{$dl_type};
+
+ # Check if a suffix has been found.
+ unless ($suffix) {
+ # Abort return - nothing.
+ return;
+ }
+
+ # Generate the full filename and path for the stored rules file.
+ my $rulesfile = "$dl_rules_path/$dl_rulesfile_prefix-$provider$suffix";
+
+ # Return the generated filename.
+ return $rulesfile;
+}
+
+#
+## Tiny function to delete the stored ruleset file or tarball for a given provider.
+#
+sub drop_dl_rulesfile ($) {
+ my ($provider) = @_;
+
+ # Gather the full path and name of the stored rulesfile.
+ my $rulesfile = &_get_dl_rulesfile($provider);
+
+ # Check if the given rulesfile exists.
+ if (-f $rulesfile) {
+ # Delete the stored rulesfile.
+ unlink($rulesfile) or die "Could not delete $rulesfile. $!\n";
+ }
+}
+
+#
+## Tiny function to get/generate the full path and filename for the providers oinkmaster
+## modified sids file.
+#
+sub get_oinkmaster_provider_modified_sids_file ($) {
+ my ($provider) = @_;
+
+ # Generate the filename.
+ my $filename = "$settingsdir/oinkmaster-$provider-modified-sids.conf";
+
+ # Return the filename.
+ return $filename;
+}
+
+#
+## Function to directly altering the oinkmaster provider includes file.
+##
+## Requires tha acition "remove" or "add" and a provider handle.
+#
+sub alter_oinkmaster_provider_includes_file ($$) {
+ my ($action, $provider) = @_;
+
+ # Call function to get the path and name for the given providers
+ # oinkmaster modified sids file.
+ my $provider_modified_sids_file = &get_oinkmaster_provider_modified_sids_file($provider);
+
+ # Open the file for reading..
+ open (FILE, $oinkmaster_provider_includes_file) or die "Could not read $oinkmaster_provider_includes_file. $!\n";
+
+ # Read-in file content.
+ my @lines = <FILE>;
+
+ # Close file after reading.
+ close(FILE);
+
+ # Re-open the file for writing.
+ open(FILE, ">", $oinkmaster_provider_includes_file) or die "Could not write to $oinkmaster_provider_includes_file. $!\n";
+
+ # Loop through the file content.
+ foreach my $line (@lines) {
+ # Remove newlines.
+ chomp($line);
+
+ # Skip line if we found our given provider and the action should be remove.
+ next if (($line =~ /$provider/) && ($action eq "remove"));
+
+ # Write the read-in line back to the file.
+ print FILE "$line\n";
+ }
+
+ # Check if the file exists and add the provider if requested.
+ if ((-f $provider_modified_sids_file) && ($action eq "add")) {
+ print FILE "include $provider_modified_sids_file\n";
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
+#
+## Function to read-in the given enabled or disables sids file.
+#
+sub read_enabled_disabled_sids_file($) {
+ my ($file) = @_;
+
+ # Temporary hash to store the sids and their state. It will be
+ # returned at the end of this function.
+ my %temphash;
+
+ # Open the given filename.
+ open(FILE, "$file") or die "Could not open $file. $!\n";
+
+ # Loop through the file.
+ while(<FILE>) {
+ # Remove newlines.
+ chomp $_;
+
+ # Skip blank lines.
+ next if ($_ =~ /^\s*$/);
+
+ # Skip coments.
+ next if ($_ =~ /^\#/);
+
+ # Splitt line into sid and state part.
+ my ($state, $sid) = split(" ", $_);
+
+ # Skip line if the sid is not numeric.
+ next unless ($sid =~ /\d+/ );
+
+ # Check if the sid was enabled.
+ if ($state eq "enablesid") {
+ # Add the sid and its state as enabled to the temporary hash.
+ $temphash{$sid} = "enabled";
+ # Check if the sid was disabled.
+ } elsif ($state eq "disablesid") {
+ # Add the sid and its state as disabled to the temporary hash.
+ $temphash{$sid} = "disabled";
+ # Invalid state - skip the current sid and state.
+ } else {
+ next;
+ }
+ }
+
+ # Close filehandle.
+ close(FILE);
+
+ # Return the hash.
+ return %temphash;
+}
+
#
## Function to check if the IDS is running.
#
# We only want files.
next unless (-f "$rulespath/$file");
- # Skip element if it has config as file extension.
- next if ($file =~ m/\.config$/);
-
# Skip rules file for whitelisted hosts.
next if ("$rulespath/$file" eq $whitelist_file);
}
#
-## Function to generate and write the file for used rulefiles.
+## Function to generate and write the file for used rulefiles file for a given provider.
+##
+## The function requires as first argument a provider handle, and as second an array with files.
#
-sub write_used_rulefiles_file(@) {
- my @files = @_;
+sub write_used_provider_rulefiles_file($@) {
+ my ($provider, @files) = @_;
+
+ # Get the path and file for the provider specific used rulefiles file.
+ my $used_provider_rulesfile_file = &get_used_provider_rulesfile_file($provider);
# Open file for used rulefiles.
- open (FILE, ">$used_rulefiles_file") or die "Could not write to $used_rulefiles_file. $!\n";
+ open (FILE, ">", "$used_provider_rulesfile_file") or die "Could not write to $used_provider_rulesfile_file. $!\n";
# Write yaml header to the file.
print FILE "%YAML 1.1\n";
# Write header to file.
print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
- # Allways use the whitelist.
- print FILE " - whitelist.rules\n";
-
# Loop through the array of given files.
foreach my $file (@files) {
# Check if the given filename exists and write it to the file of used rulefiles.
close(FILE);
}
+#
+## Function to write the main file for provider rulesfiles inclusions.
+##
+## This function requires an array of provider handles.
+#
+sub write_main_used_rulefiles_file (@) {
+ my (@providers) = @_;
+
+ # Call function to write the static rulefiles file.
+ &_write_default_rulefiles_file();
+
+ # Open file for used rulefils inclusion.
+ open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write header to file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the list of given providers.
+ foreach my $provider (@providers) {
+ # Call function to get the providers used rulefiles file.
+ my $filename = &get_used_provider_rulesfile_file($provider);
+
+ # Check if the file exists and write it into the used rulefiles file.
+ if (-f $filename) {
+ # Print the provider to the file.
+ print FILE "include\: $filename\n";
+ }
+ }
+
+ # Close the filehandle after writing.
+ close(FILE);
+}
+
+sub _write_default_rulefiles_file () {
+ # Get enabled application layer protocols.
+ my @enabled_app_layer_protos = &get_suricata_enabled_app_layer_protos();
+
+ # Open file.
+ open (FILE, ">", $suricata_default_rulefiles_file) or die "Could not write to $suricata_default_rulefiles_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the array of static included rulesfiles.
+ foreach my $file (@static_included_rulefiles) {
+ # Check if the file exists.
+ if (-f "$rulespath/$file") {
+ # Write the rulesfile name to the file.
+ print FILE " - $rulespath/$file\n";
+ }
+ }
+
+ print FILE "\n#Default rules for used application layer protocols.\n";
+ foreach my $enabled_app_layer_proto (@enabled_app_layer_protos) {
+ # Check if the current processed app layer proto needs to be translated
+ # into an application name.
+ if (exists($tr_app_layer_proto{$enabled_app_layer_proto})) {
+ # Obtain the translated application name for this protocol.
+ $enabled_app_layer_proto = $tr_app_layer_proto{$enabled_app_layer_proto};
+ }
+
+ # Generate filename.
+ my $rulesfile = "$default_rulespath/$enabled_app_layer_proto\.rules";
+
+ # Check if such a file exists.
+ if (-f "$rulesfile") {
+ # Write the rulesfile name to the file.
+ print FILE " - $rulesfile\n";
+ }
+
+ # Generate filename with "events" in filename.
+ $rulesfile = "$default_rulespath/$enabled_app_layer_proto\-events.rules";
+
+ # Check if this file exists.
+ if (-f "$rulesfile" ) {
+ # Write the rulesfile name to the file.
+ print FILE " - $rulesfile\n";
+ }
+ }
+
+ # Close the file handle
+ close(FILE);
+}
+
+#
+## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider.
+#
+sub get_used_provider_rulesfile_file ($) {
+ my ($provider) = @_;
+
+ my $filename = "$settingsdir/suricata\-$provider\-used\-rulefiles.yaml";
+
+ # Return the gernerated file.
+ return $filename;
+}
+
#
## Function to generate and write the file for modify the ruleset.
#
sub write_modify_sids_file() {
# Get configured settings.
my %idssettings=();
- my %rulessettings=();
&General::readhash("$ids_settings_file", \%idssettings);
- &General::readhash("$rules_settings_file", \%rulessettings);
-
- # Gather the configured ruleset.
- my $ruleset = $rulessettings{'RULES'};
# Open modify sid's file for writing.
open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
# malware in that file. Rules which fall into the first category should stay as
# alert since not all flows of that type contain malware.
- if($ruleset eq 'registered' or $ruleset eq 'subscripted' or $ruleset eq 'community') {
- # These types of rulesfiles contain meta-data which gives the action that should
- # be used when in IPS mode. Do the following:
- #
- # 1. Disable all rules and set the action to 'drop'
- # 2. Set the action back to 'alert' if the rule contains 'flowbits:noalert;'
- # This should give rules not in the policy a reasonable default if the user
- # manually enables them.
- # 3. Enable rules and set actions according to the meta-data strings.
+ # These types of rulesfiles contain meta-data which gives the action that should
+ # be used when in IPS mode. Do the following:
+ #
+ # 1. Disable all rules and set the action to 'drop'
+ # 2. Set the action back to 'alert' if the rule contains 'flowbits:noalert;'
+ # This should give rules not in the policy a reasonable default if the user
+ # manually enables them.
+ # 3. Enable rules and set actions according to the meta-data strings.
- my $policy = 'balanced'; # Placeholder to allow policy to be changed.
+ my $policy = 'balanced'; # Placeholder to allow policy to be changed.
print FILE <<END;
-modifysid * "^#?(?:alert|drop)" | "#drop"
-modifysid * "^#drop(.+flowbits:noalert;)" | "#alert\${1}"
modifysid * "^#(?:alert|drop)(.+policy $policy-ips alert)" | "alert\${1}"
modifysid * "^#(?:alert|drop)(.+policy $policy-ips drop)" | "drop\${1}"
-END
- } else {
- # These rulefiles don't have the metadata, so set rules to 'drop' unless they
- # contain the string 'flowbits:noalert;'.
- print FILE <<END;
modifysid * "^(#?)(?:alert|drop)" | "\${1}drop"
modifysid * "^(#?)drop(.+flowbits:noalert;)" | "\${1}alert\${2}"
END
}
- }
# Close file handle.
close(FILE);
}
+#
+## Function to get the ruleset date for a given provider.
+##
+## The function simply return the creation date in a human read-able format
+## of the stored providers rulesfile.
+#
+sub get_ruleset_date($) {
+ my ($provider) = @_;
+ my $date;
+ my $mtime;
+
+ # Load neccessary perl modules for file stat and to format the timestamp.
+ use File::stat;
+ use POSIX qw( strftime );
+
+ # Get the stored rulesfile for this provider.
+ my $stored_rulesfile = &_get_dl_rulesfile($provider);
+
+ # Check if we got a file.
+ if (-f $stored_rulesfile) {
+ # Call stat on the rulestarball.
+ my $stat = stat("$stored_rulesfile");
+
+ # Get timestamp the file creation.
+ $mtime = $stat->mtime;
+ }
+
+ # Check if the timestamp has not been grabbed.
+ unless ($mtime) {
+ # Return N/A for Not available.
+ return "N/A";
+ }
+
+ # Convert into human read-able format.
+ $date = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
+
+ # Return the date.
+ return $date;
+}
+
#
## Function to gather the version of suricata.
#
}
}
+#
+## Function to get the enabled application layer protocols.
+#
+sub get_suricata_enabled_app_layer_protos() {
+ # Array to store and return the enabled app layer protos.
+ my @enabled_app_layer_protos = ();
+
+ # Execute piped suricata command and return the list of
+ # enabled application layer protocols.
+ open(SURICATA, "suricata --list-app-layer-protos |") or die "Could not execute program: $!";
+
+ # Grab and store the list of enabled application layer protocols.
+ my @output = <SURICATA>;
+
+ # Close pipe.
+ close(SURICATA);
+
+ # Merge allways enabled static application layers protocols array.
+ @enabled_app_layer_protos = @static_enabled_app_layer_protos;
+
+ # Loop through the array which contains the output of suricata.
+ foreach my $line (@output) {
+ # Skip header line which starts with "===".
+ next if ($line =~ /^\s*=/);
+
+ # Skip info or warning lines.
+ next if ($line =~ /\s*--/);
+
+ # Remove newlines.
+ chomp($line);
+
+ # Add enabled app layer proto to the array.
+ push(@enabled_app_layer_protos, $line);
+ }
+
+ # Sort the array.
+ @enabled_app_layer_protos = sort(@enabled_app_layer_protos);
+
+ # Return the array.
+ return @enabled_app_layer_protos;
+}
+
#
## Function to generate the rules file with whitelisted addresses.
#
# Check if the address/network is valid.
if ((&General::validip($address)) || (&General::validipandmask($address))) {
# Write rule line to the file to pass any traffic from this IP
- print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; sid:$sid\;)\n";
+ print FILE "pass ip $address any -> any any (msg:\"pass all traffic from/to $address\"\; bypass; sid:$sid\;)\n";
# Increment sid.
$sid++;
return;
}
+#
+## Function to get the used rules files of a given provider.
+#
+sub read_used_provider_rulesfiles($) {
+ my ($provider) = @_;
+
+ # Array to store the used rulefiles.
+ my @used_rulesfiles = ();
+
+ # Get the used rulesefile file for the provider.
+ my $rulesfile_file = &get_used_provider_rulesfile_file($provider);
+
+ # Check if the a used rulesfile exists for this provider.
+ if (-f $rulesfile_file) {
+ # Open the file or used rulefiles and read-in content.
+ open(FILE, $rulesfile_file) or die "Could not open $rulesfile_file. $!\n";
+
+ while (<FILE>) {
+ # Assign the current line to a nice variable.
+ my $line = $_;
+
+ # Remove newlines.
+ chomp($line);
+
+ # Skip comments.
+ next if ($line =~ /\#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Gather the rulefile.
+ if ($line =~ /.*- (.*)/) {
+ my $rulefile = $1;
+
+ # Add the rulefile to the array of used rulesfiles.
+ push(@used_rulesfiles, $rulefile);
+ }
+ }
+
+ # Close the file.
+ close(FILE);
+ }
+
+ # Return the array of used rulesfiles.
+ return @used_rulesfiles;
+}
+
#
## Function to write the lock file for locking the WUI, while
## the autoupdate script runs.
Chain filter POLICYFWD DROP_FORWARD
Chain filter POLICYOUT DROP_OUTPUT
Chain filter POLICYIN DROP_INPUT
+ Chain filter SPOOFED_MARTIAN DROP_SPOOFED_MARTIAN
+ Chain filter HOSTILE DROP_HOSTILE
</Plugin>
#<Plugin logfile>
Process "charon"
Process "openvpn"
Process "qemu"
- Process "rtorrent"
Process "mpd"
- Process "asterisk"
- Process "java"
- Process "spamd"
</Plugin>
<Plugin rrdtool>
# files from included files. Example to load stuff from "/etc/foo.conf".
# include /etc/foo.conf
-# Include file for enabled sids.
-include /var/ipfire/suricata/oinkmaster-enabled-sids.conf
-
-# Include file for disabled sids.
-include /var/ipfire/suricata/oinkmaster-disabled-sids.conf
+# Include file for provider specific includes.
+include /var/ipfire/suricata/oinkmaster-provider-includes.conf
# Include file which defines the runmode of suricata.
include /var/ipfire/suricata/oinkmaster-modify-sids.conf
+#usr/lib/perl5/site_perl/5.32.1/Net
#usr/lib/perl5/site_perl/5.32.1/Net/DNS
usr/lib/perl5/site_perl/5.32.1/Net/DNS.pm
usr/lib/perl5/site_perl/5.32.1/Net/DNS/Domain.pm
usr/lib/python3.8/lib-dynload/_curses.cpython-38-arm-linux-gnueabi.so
usr/lib/python3.8/lib-dynload/_curses_panel.cpython-38-arm-linux-gnueabi.so
usr/lib/python3.8/lib-dynload/_datetime.cpython-38-arm-linux-gnueabi.so
-usr/lib/python3.8/lib-dynload/_dbm.cpython-38-arm-linux-gnueabi_failed.so
+usr/lib/python3.8/lib-dynload/_dbm.cpython-38-arm-linux-gnueabi.so
usr/lib/python3.8/lib-dynload/_decimal.cpython-38-arm-linux-gnueabi.so
usr/lib/python3.8/lib-dynload/_elementtree.cpython-38-arm-linux-gnueabi.so
usr/lib/python3.8/lib-dynload/_gdbm.cpython-38-arm-linux-gnueabi.so
usr/sbin/convert-snort
usr/sbin/convert-xtaccess
usr/sbin/convert-ids-modifysids-file
+usr/sbin/convert-ids-multiple-providers
usr/sbin/firewall-policy
#var/ipfire
var/ipfire/addon-lang
#usr/include/expat.h
#usr/include/expat_config.h
#usr/include/expat_external.h
-#usr/lib/cmake/expat-2.4.1
-#usr/lib/cmake/expat-2.4.1/expat-config-version.cmake
-#usr/lib/cmake/expat-2.4.1/expat-config.cmake
-#usr/lib/cmake/expat-2.4.1/expat-noconfig.cmake
-#usr/lib/cmake/expat-2.4.1/expat.cmake
+#usr/lib/cmake/expat-2.4.2
+#usr/lib/cmake/expat-2.4.2/expat-config-version.cmake
+#usr/lib/cmake/expat-2.4.2/expat-config.cmake
+#usr/lib/cmake/expat-2.4.2/expat-noconfig.cmake
+#usr/lib/cmake/expat-2.4.2/expat.cmake
#usr/lib/libexpat.a
#usr/lib/libexpat.la
#usr/lib/libexpat.so
usr/lib/libexpat.so.1
-usr/lib/libexpat.so.1.8.1
+usr/lib/libexpat.so.1.8.2
#usr/lib/pkgconfig/expat.pc
#usr/share/doc/expat
-#usr/share/doc/expat-2.4.1
-#usr/share/doc/expat-2.4.1/ok.min.css
-#usr/share/doc/expat-2.4.1/reference.html
-#usr/share/doc/expat-2.4.1/style.css
-#usr/share/doc/expat-2.4.1/valid-xhtml10.png
+#usr/share/doc/expat-2.4.2
+#usr/share/doc/expat-2.4.2/ok.min.css
+#usr/share/doc/expat-2.4.2/reference.html
+#usr/share/doc/expat-2.4.2/style.css
+#usr/share/doc/expat-2.4.2/valid-xhtml10.png
#usr/share/doc/expat/AUTHORS
#usr/share/doc/expat/changelog
#usr/lib/libfreetype.la
#usr/lib/libfreetype.so
usr/lib/libfreetype.so.6
-usr/lib/libfreetype.so.6.18.0
+usr/lib/libfreetype.so.6.18.1
#usr/lib/pkgconfig/freetype2.pc
#usr/share/aclocal/freetype2.m4
#usr/share/man/man1/freetype-config.1
+#usr/bin/gdbm_dump
+#usr/bin/gdbm_load
+#usr/bin/gdbmtool
#usr/include/dbm.h
#usr/include/gdbm.h
#usr/include/ndbm.h
-#usr/info/gdbm.info
-#usr/lib/libgdbm.a
#usr/lib/libgdbm.la
-usr/lib/libgdbm.so
-usr/lib/libgdbm.so.3
-usr/lib/libgdbm.so.3.0.0
-#usr/lib/libgdbm_compat.a
+#usr/lib/libgdbm.so
+usr/lib/libgdbm.so.6
+usr/lib/libgdbm.so.6.0.0
#usr/lib/libgdbm_compat.la
-usr/lib/libgdbm_compat.so
-usr/lib/libgdbm_compat.so.3
-usr/lib/libgdbm_compat.so.3.0.0
-#usr/man/man3
-#usr/man/man3/gdbm.3
+#usr/lib/libgdbm_compat.so
+usr/lib/libgdbm_compat.so.4
+usr/lib/libgdbm_compat.so.4.0.0
+#usr/share/info/gdbm.info
+#usr/share/man/man1/gdbm_dump.1
+#usr/share/man/man1/gdbm_load.1
+#usr/share/man/man1/gdbmtool.1
+#usr/share/man/man3/gdbm.3
#usr/lib/libkmod.la
#usr/lib/libkmod.so
usr/lib/libkmod.so.2
-usr/lib/libkmod.so.2.3.6
+usr/lib/libkmod.so.2.3.7
#usr/lib/pkgconfig/libkmod.pc
#usr/share/bash-completion/completions/kmod
#usr/lib/libusb-1.0.la
#usr/lib/libusb-1.0.so
usr/lib/libusb-1.0.so.0
-usr/lib/libusb-1.0.so.0.2.0
+usr/lib/libusb-1.0.so.0.3.0
#usr/lib/pkgconfig/libusb-1.0.pc
+++ /dev/null
-#usr/lib/perl5/site_perl/5.32.1/Bundle
-usr/lib/perl5/site_perl/5.32.1/Bundle/LWP.pm
-#usr/lib/perl5/site_perl/5.32.1/File
-usr/lib/perl5/site_perl/5.32.1/File/Listing.pm
-usr/lib/perl5/site_perl/5.32.1/HTML/Form.pm
-#usr/lib/perl5/site_perl/5.32.1/HTTP
-#usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies
-usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies/Microsoft.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies/Netscape.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Daemon.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Date.pm
-#usr/lib/perl5/site_perl/5.32.1/HTTP/Headers
-usr/lib/perl5/site_perl/5.32.1/HTTP/Headers.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/Auth.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/ETag.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/Util.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Message.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Negotiate.pm
-#usr/lib/perl5/site_perl/5.32.1/HTTP/Request
-usr/lib/perl5/site_perl/5.32.1/HTTP/Request.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Request/Common.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Response.pm
-usr/lib/perl5/site_perl/5.32.1/HTTP/Status.pm
-#usr/lib/perl5/site_perl/5.32.1/LWP
-usr/lib/perl5/site_perl/5.32.1/LWP.pm
-#usr/lib/perl5/site_perl/5.32.1/LWP/Authen
-usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Basic.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Digest.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Ntlm.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/ConnCache.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Debug.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/DebugFile.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/MediaTypes.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/MemberMixin.pm
-#usr/lib/perl5/site_perl/5.32.1/LWP/Protocol
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/GHTTP.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/cpan.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/data.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/file.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/ftp.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/gopher.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http10.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/https.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/https10.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/loopback.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/mailto.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nntp.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nogo.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/RobotUA.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/Simple.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/UserAgent.pm
-usr/lib/perl5/site_perl/5.32.1/LWP/media.types
-#usr/lib/perl5/site_perl/5.32.1/Net
-#usr/lib/perl5/site_perl/5.32.1/Net/HTTP
-usr/lib/perl5/site_perl/5.32.1/Net/HTTP.pm
-usr/lib/perl5/site_perl/5.32.1/Net/HTTP/Methods.pm
-usr/lib/perl5/site_perl/5.32.1/Net/HTTP/NB.pm
-usr/lib/perl5/site_perl/5.32.1/Net/HTTPS.pm
-#usr/lib/perl5/site_perl/5.32.1/WWW
-#usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules
-usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules.pm
-usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules/AnyDBM_File.pm
-#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww-perl
-#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww-perl/.packlist
-#usr/lib/perl5/site_perl/5.32.1/lwpcook.pod
-#usr/lib/perl5/site_perl/5.32.1/lwptut.pod
-#usr/share/man/man3/Bundle::LWP.3
-#usr/share/man/man3/File::Listing.3
-#usr/share/man/man3/HTML::Form.3
-#usr/share/man/man3/HTTP::Cookies.3
-#usr/share/man/man3/HTTP::Cookies::Microsoft.3
-#usr/share/man/man3/HTTP::Cookies::Netscape.3
-#usr/share/man/man3/HTTP::Daemon.3
-#usr/share/man/man3/HTTP::Date.3
-#usr/share/man/man3/HTTP::Headers.3
-#usr/share/man/man3/HTTP::Headers::Util.3
-#usr/share/man/man3/HTTP::Message.3
-#usr/share/man/man3/HTTP::Negotiate.3
-#usr/share/man/man3/HTTP::Request.3
-#usr/share/man/man3/HTTP::Request::Common.3
-#usr/share/man/man3/HTTP::Response.3
-#usr/share/man/man3/HTTP::Status.3
-#usr/share/man/man3/LWP.3
-#usr/share/man/man3/LWP::Authen::Ntlm.3
-#usr/share/man/man3/LWP::ConnCache.3
-#usr/share/man/man3/LWP::Debug.3
-#usr/share/man/man3/LWP::DebugFile.3
-#usr/share/man/man3/LWP::MediaTypes.3
-#usr/share/man/man3/LWP::MemberMixin.3
-#usr/share/man/man3/LWP::Protocol.3
-#usr/share/man/man3/LWP::RobotUA.3
-#usr/share/man/man3/LWP::Simple.3
-#usr/share/man/man3/LWP::UserAgent.3
-#usr/share/man/man3/Net::HTTP.3
-#usr/share/man/man3/Net::HTTP::NB.3
-#usr/share/man/man3/WWW::RobotRules.3
-#usr/share/man/man3/WWW::RobotRules::AnyDBM_File.3
-#usr/share/man/man3/lwpcook.3
-#usr/share/man/man3/lwptut.3
#usr/lib/libxml2.la
#usr/lib/libxml2.so
usr/lib/libxml2.so.2
-usr/lib/libxml2.so.2.9.10
+usr/lib/libxml2.so.2.9.12
#usr/lib/pkgconfig/libxml-2.0.pc
#usr/lib/xml2Conf.sh
#usr/share/aclocal/libxml.m4
-#usr/share/doc/libxml2-2.9.10
-#usr/share/doc/libxml2-2.9.10/Copyright
-#usr/share/doc/libxml2-2.9.10/examples
-#usr/share/doc/libxml2-2.9.10/examples/testHTML.c
-#usr/share/doc/libxml2-2.9.10/examples/testSAX.c
-#usr/share/doc/libxml2-2.9.10/examples/testXPath.c
-#usr/share/doc/libxml2-2.9.10/examples/xmllint.c
-#usr/share/doc/libxml2-2.9.10/html
-#usr/share/doc/libxml2-2.9.10/html/DOM.gif
-#usr/share/doc/libxml2-2.9.10/html/FAQ.html
-#usr/share/doc/libxml2-2.9.10/html/Libxml2-Logo-180x168.gif
-#usr/share/doc/libxml2-2.9.10/html/Libxml2-Logo-90x34.gif
-#usr/share/doc/libxml2-2.9.10/html/encoding.html
-#usr/share/doc/libxml2-2.9.10/html/examples.xml
-#usr/share/doc/libxml2-2.9.10/html/examples.xsl
-#usr/share/doc/libxml2-2.9.10/html/html
-#usr/share/doc/libxml2-2.9.10/html/html/book1.html
-#usr/share/doc/libxml2-2.9.10/html/html/home.png
-#usr/share/doc/libxml2-2.9.10/html/html/index.html
-#usr/share/doc/libxml2-2.9.10/html/html/left.png
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-DOCBparser.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-HTMLparser.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-HTMLtree.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-SAX.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-SAX2.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-c14n.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-catalog.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-chvalid.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-debugXML.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-dict.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-encoding.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-entities.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-globals.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-hash.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-lib.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-list.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-nanoftp.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-nanohttp.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-parser.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-parserInternals.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-pattern.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-relaxng.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-schemasInternals.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-schematron.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-threads.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-tree.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-uri.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-valid.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xinclude.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xlink.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlIO.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlautomata.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlerror.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlexports.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlmemory.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlmodule.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlreader.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlregexp.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlsave.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlschemas.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlschemastypes.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlstring.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlunicode.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlversion.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlwriter.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpath.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpathInternals.html
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpointer.html
-#usr/share/doc/libxml2-2.9.10/html/html/right.png
-#usr/share/doc/libxml2-2.9.10/html/html/up.png
-#usr/share/doc/libxml2-2.9.10/html/index.html
-#usr/share/doc/libxml2-2.9.10/html/io1.c
-#usr/share/doc/libxml2-2.9.10/html/io1.res
-#usr/share/doc/libxml2-2.9.10/html/io2.c
-#usr/share/doc/libxml2-2.9.10/html/io2.res
-#usr/share/doc/libxml2-2.9.10/html/libxml.gif
-#usr/share/doc/libxml2-2.9.10/html/parse1.c
-#usr/share/doc/libxml2-2.9.10/html/parse2.c
-#usr/share/doc/libxml2-2.9.10/html/parse3.c
-#usr/share/doc/libxml2-2.9.10/html/parse4.c
-#usr/share/doc/libxml2-2.9.10/html/reader1.c
-#usr/share/doc/libxml2-2.9.10/html/reader1.res
-#usr/share/doc/libxml2-2.9.10/html/reader2.c
-#usr/share/doc/libxml2-2.9.10/html/reader3.c
-#usr/share/doc/libxml2-2.9.10/html/reader3.res
-#usr/share/doc/libxml2-2.9.10/html/reader4.c
-#usr/share/doc/libxml2-2.9.10/html/reader4.res
-#usr/share/doc/libxml2-2.9.10/html/redhat.gif
-#usr/share/doc/libxml2-2.9.10/html/smallfootonly.gif
-#usr/share/doc/libxml2-2.9.10/html/structure.gif
-#usr/share/doc/libxml2-2.9.10/html/test1.xml
-#usr/share/doc/libxml2-2.9.10/html/test2.xml
-#usr/share/doc/libxml2-2.9.10/html/test3.xml
-#usr/share/doc/libxml2-2.9.10/html/testWriter.c
-#usr/share/doc/libxml2-2.9.10/html/tree1.c
-#usr/share/doc/libxml2-2.9.10/html/tree1.res
-#usr/share/doc/libxml2-2.9.10/html/tree2.c
-#usr/share/doc/libxml2-2.9.10/html/tree2.res
-#usr/share/doc/libxml2-2.9.10/html/tst.xml
-#usr/share/doc/libxml2-2.9.10/html/tutorial
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apa.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apb.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apc.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apd.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ape.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apf.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apg.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/aph.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/api.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s02.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s03.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s04.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s05.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s06.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s07.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s08.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s09.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/blank.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/1.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/10.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/2.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/3.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/4.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/5.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/6.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/7.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/8.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/9.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/caution.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/draft.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/home.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/important.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/next.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/note.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/prev.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/tip.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-blank.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-minus.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-plus.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/up.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/warning.png
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includeaddattribute.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includeaddkeyword.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includeconvert.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includegetattribute.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includekeyword.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/includexpath.c
-#usr/share/doc/libxml2-2.9.10/html/tutorial/index.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/ix01.html
-#usr/share/doc/libxml2-2.9.10/html/tutorial/xmltutorial.pdf
-#usr/share/doc/libxml2-2.9.10/html/w3c.png
-#usr/share/doc/libxml2-2.9.10/html/writer.xml
-#usr/share/doc/libxml2-2.9.10/html/xml.html
-#usr/share/doc/libxml2-2.9.10/html/xpath1.c
-#usr/share/doc/libxml2-2.9.10/html/xpath1.res
-#usr/share/doc/libxml2-2.9.10/html/xpath2.c
-#usr/share/doc/libxml2-2.9.10/html/xpath2.res
-#usr/share/gtk-doc
-#usr/share/gtk-doc/html
+#usr/share/doc/libxml2-2.9.12
+#usr/share/doc/libxml2-2.9.12/Copyright
+#usr/share/doc/libxml2-2.9.12/examples
+#usr/share/doc/libxml2-2.9.12/examples/testHTML.c
+#usr/share/doc/libxml2-2.9.12/examples/testSAX.c
+#usr/share/doc/libxml2-2.9.12/examples/testXPath.c
+#usr/share/doc/libxml2-2.9.12/examples/xmllint.c
+#usr/share/doc/libxml2-2.9.12/html
+#usr/share/doc/libxml2-2.9.12/html/DOM.gif
+#usr/share/doc/libxml2-2.9.12/html/FAQ.html
+#usr/share/doc/libxml2-2.9.12/html/Libxml2-Logo-180x168.gif
+#usr/share/doc/libxml2-2.9.12/html/Libxml2-Logo-90x34.gif
+#usr/share/doc/libxml2-2.9.12/html/encoding.html
+#usr/share/doc/libxml2-2.9.12/html/examples.xml
+#usr/share/doc/libxml2-2.9.12/html/examples.xsl
+#usr/share/doc/libxml2-2.9.12/html/html
+#usr/share/doc/libxml2-2.9.12/html/html/book1.html
+#usr/share/doc/libxml2-2.9.12/html/html/home.png
+#usr/share/doc/libxml2-2.9.12/html/html/index.html
+#usr/share/doc/libxml2-2.9.12/html/html/left.png
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-DOCBparser.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-HTMLparser.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-HTMLtree.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-SAX.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-SAX2.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-c14n.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-catalog.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-chvalid.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-debugXML.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-dict.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-encoding.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-entities.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-globals.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-hash.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-lib.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-list.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-nanoftp.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-nanohttp.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-parser.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-parserInternals.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-pattern.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-relaxng.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-schemasInternals.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-schematron.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-threads.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-tree.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-uri.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-valid.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xinclude.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xlink.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlIO.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlautomata.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlerror.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlexports.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlmemory.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlmodule.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlreader.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlregexp.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlsave.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlschemas.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlschemastypes.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlstring.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlunicode.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlversion.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlwriter.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpath.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpathInternals.html
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpointer.html
+#usr/share/doc/libxml2-2.9.12/html/html/right.png
+#usr/share/doc/libxml2-2.9.12/html/html/up.png
+#usr/share/doc/libxml2-2.9.12/html/index.html
+#usr/share/doc/libxml2-2.9.12/html/io1.c
+#usr/share/doc/libxml2-2.9.12/html/io1.res
+#usr/share/doc/libxml2-2.9.12/html/io2.c
+#usr/share/doc/libxml2-2.9.12/html/io2.res
+#usr/share/doc/libxml2-2.9.12/html/libxml.gif
+#usr/share/doc/libxml2-2.9.12/html/parse1.c
+#usr/share/doc/libxml2-2.9.12/html/parse2.c
+#usr/share/doc/libxml2-2.9.12/html/parse3.c
+#usr/share/doc/libxml2-2.9.12/html/parse4.c
+#usr/share/doc/libxml2-2.9.12/html/reader1.c
+#usr/share/doc/libxml2-2.9.12/html/reader1.res
+#usr/share/doc/libxml2-2.9.12/html/reader2.c
+#usr/share/doc/libxml2-2.9.12/html/reader3.c
+#usr/share/doc/libxml2-2.9.12/html/reader3.res
+#usr/share/doc/libxml2-2.9.12/html/reader4.c
+#usr/share/doc/libxml2-2.9.12/html/reader4.res
+#usr/share/doc/libxml2-2.9.12/html/redhat.gif
+#usr/share/doc/libxml2-2.9.12/html/smallfootonly.gif
+#usr/share/doc/libxml2-2.9.12/html/structure.gif
+#usr/share/doc/libxml2-2.9.12/html/test1.xml
+#usr/share/doc/libxml2-2.9.12/html/test2.xml
+#usr/share/doc/libxml2-2.9.12/html/test3.xml
+#usr/share/doc/libxml2-2.9.12/html/testWriter.c
+#usr/share/doc/libxml2-2.9.12/html/tree1.c
+#usr/share/doc/libxml2-2.9.12/html/tree1.res
+#usr/share/doc/libxml2-2.9.12/html/tree2.c
+#usr/share/doc/libxml2-2.9.12/html/tree2.res
+#usr/share/doc/libxml2-2.9.12/html/tst.xml
+#usr/share/doc/libxml2-2.9.12/html/tutorial
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apa.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apb.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apc.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apd.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ape.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apf.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/apg.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/aph.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/api.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s02.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s03.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s04.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s05.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s06.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s07.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s08.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s09.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/blank.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/1.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/10.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/2.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/3.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/4.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/5.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/6.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/7.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/8.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/9.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/caution.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/draft.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/home.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/important.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/next.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/note.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/prev.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/tip.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-blank.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-minus.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-plus.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/up.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/warning.png
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includeaddattribute.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includeaddkeyword.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includeconvert.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includegetattribute.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includekeyword.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/includexpath.c
+#usr/share/doc/libxml2-2.9.12/html/tutorial/index.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/ix01.html
+#usr/share/doc/libxml2-2.9.12/html/tutorial/xmltutorial.pdf
+#usr/share/doc/libxml2-2.9.12/html/w3c.png
+#usr/share/doc/libxml2-2.9.12/html/writer.xml
+#usr/share/doc/libxml2-2.9.12/html/xml.html
+#usr/share/doc/libxml2-2.9.12/html/xpath1.c
+#usr/share/doc/libxml2-2.9.12/html/xpath1.res
+#usr/share/doc/libxml2-2.9.12/html/xpath2.c
+#usr/share/doc/libxml2-2.9.12/html/xpath2.res
#usr/share/gtk-doc/html/libxml2
#usr/share/gtk-doc/html/libxml2/general.html
#usr/share/gtk-doc/html/libxml2/home.png
#usr/include/libxslt/xsltexports.h
#usr/include/libxslt/xsltlocale.h
#usr/include/libxslt/xsltutils.h
-#usr/lib/libexslt.a
#usr/lib/libexslt.la
-usr/lib/libexslt.so
+#usr/lib/libexslt.so
usr/lib/libexslt.so.0
-usr/lib/libexslt.so.0.8.17
+usr/lib/libexslt.so.0.8.20
#usr/lib/libxslt-plugins
-#usr/lib/libxslt.a
#usr/lib/libxslt.la
-usr/lib/libxslt.so
+#usr/lib/libxslt.so
usr/lib/libxslt.so.1
-usr/lib/libxslt.so.1.1.28
+usr/lib/libxslt.so.1.1.34
#usr/lib/pkgconfig/libexslt.pc
#usr/lib/pkgconfig/libxslt.pc
#usr/lib/xsltConf.sh
#usr/share/aclocal/libxslt.m4
-#usr/share/doc/libxslt-1.1.28
-#usr/share/doc/libxslt-1.1.28/html
-#usr/share/doc/libxslt-1.1.28/html/API.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk0.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk1.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk10.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk11.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk12.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk13.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk2.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk3.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk4.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk5.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk6.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk7.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk8.html
-#usr/share/doc/libxslt-1.1.28/html/APIchunk9.html
-#usr/share/doc/libxslt-1.1.28/html/APIconstructors.html
-#usr/share/doc/libxslt-1.1.28/html/APIfiles.html
-#usr/share/doc/libxslt-1.1.28/html/APIfunctions.html
-#usr/share/doc/libxslt-1.1.28/html/APIsymbols.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIchunk0.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIconstructors.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfiles.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfunctions.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIsymbols.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/bugs.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/docs.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/downloads.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/exslt.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/help.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/index.html
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/intro.html
-#usr/share/doc/libxslt-1.1.28/html/FAQ.html
-#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-180x168.gif
-#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-90x34.gif
-#usr/share/doc/libxslt-1.1.28/html/bugs.html
-#usr/share/doc/libxslt-1.1.28/html/contexts.gif
-#usr/share/doc/libxslt-1.1.28/html/contribs.html
-#usr/share/doc/libxslt-1.1.28/html/docbook.html
-#usr/share/doc/libxslt-1.1.28/html/docs.html
-#usr/share/doc/libxslt-1.1.28/html/downloads.html
-#usr/share/doc/libxslt-1.1.28/html/extensions.html
-#usr/share/doc/libxslt-1.1.28/html/help.html
-#usr/share/doc/libxslt-1.1.28/html/html
-#usr/share/doc/libxslt-1.1.28/html/html/book1.html
-#usr/share/doc/libxslt-1.1.28/html/html/home.png
-#usr/share/doc/libxslt-1.1.28/html/html/index.html
-#usr/share/doc/libxslt-1.1.28/html/html/left.png
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-attributes.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-documents.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extensions.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extra.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-functions.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-imports.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-keys.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-lib.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-namespaces.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-numbersInternals.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-pattern.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-preproc.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-security.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-templates.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-transform.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-variables.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xslt.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltInternals.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltexports.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltlocale.html
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltutils.html
-#usr/share/doc/libxslt-1.1.28/html/html/right.png
-#usr/share/doc/libxslt-1.1.28/html/html/up.png
-#usr/share/doc/libxslt-1.1.28/html/index.html
-#usr/share/doc/libxslt-1.1.28/html/internals.html
-#usr/share/doc/libxslt-1.1.28/html/intro.html
-#usr/share/doc/libxslt-1.1.28/html/news.html
-#usr/share/doc/libxslt-1.1.28/html/node.gif
-#usr/share/doc/libxslt-1.1.28/html/object.gif
-#usr/share/doc/libxslt-1.1.28/html/processing.gif
-#usr/share/doc/libxslt-1.1.28/html/python.html
-#usr/share/doc/libxslt-1.1.28/html/redhat.gif
-#usr/share/doc/libxslt-1.1.28/html/smallfootonly.gif
-#usr/share/doc/libxslt-1.1.28/html/stylesheet.gif
-#usr/share/doc/libxslt-1.1.28/html/templates.gif
-#usr/share/doc/libxslt-1.1.28/html/tutorial
-#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslt_tutorial.c
-#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.html
-#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.xml
-#usr/share/doc/libxslt-1.1.28/html/tutorial2
-#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.c
-#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.html
-#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.xml
-#usr/share/doc/libxslt-1.1.28/html/xslt.html
-#usr/share/doc/libxslt-1.1.28/html/xsltproc.html
-#usr/share/doc/libxslt-1.1.28/html/xsltproc2.html
-#usr/share/doc/libxslt-python-1.1.28
-#usr/share/doc/libxslt-python-1.1.28/TODO
-#usr/share/doc/libxslt-python-1.1.28/examples
-#usr/share/doc/libxslt-python-1.1.28/examples/basic.py
-#usr/share/doc/libxslt-python-1.1.28/examples/exslt.py
-#usr/share/doc/libxslt-python-1.1.28/examples/extelem.py
-#usr/share/doc/libxslt-python-1.1.28/examples/extfunc.py
-#usr/share/doc/libxslt-python-1.1.28/examples/pyxsltproc.py
-#usr/share/doc/libxslt-python-1.1.28/examples/test.xml
-#usr/share/doc/libxslt-python-1.1.28/examples/test.xsl
+#usr/share/doc/libxslt-1.1.34
+#usr/share/doc/libxslt-1.1.34/html
+#usr/share/doc/libxslt-1.1.34/html/API.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk0.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk1.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk10.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk11.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk12.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk2.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk3.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk4.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk5.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk6.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk7.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk8.html
+#usr/share/doc/libxslt-1.1.34/html/APIchunk9.html
+#usr/share/doc/libxslt-1.1.34/html/APIconstructors.html
+#usr/share/doc/libxslt-1.1.34/html/APIfiles.html
+#usr/share/doc/libxslt-1.1.34/html/APIfunctions.html
+#usr/share/doc/libxslt-1.1.34/html/APIsymbols.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIchunk0.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIconstructors.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIfiles.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIfunctions.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIsymbols.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/bugs.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/docs.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/downloads.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/exslt.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/help.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/index.html
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/intro.html
+#usr/share/doc/libxslt-1.1.34/html/FAQ.html
+#usr/share/doc/libxslt-1.1.34/html/Libxslt-Logo-180x168.gif
+#usr/share/doc/libxslt-1.1.34/html/Libxslt-Logo-90x34.gif
+#usr/share/doc/libxslt-1.1.34/html/bugs.html
+#usr/share/doc/libxslt-1.1.34/html/contexts.gif
+#usr/share/doc/libxslt-1.1.34/html/contribs.html
+#usr/share/doc/libxslt-1.1.34/html/docbook.html
+#usr/share/doc/libxslt-1.1.34/html/docs.html
+#usr/share/doc/libxslt-1.1.34/html/downloads.html
+#usr/share/doc/libxslt-1.1.34/html/extensions.html
+#usr/share/doc/libxslt-1.1.34/html/help.html
+#usr/share/doc/libxslt-1.1.34/html/html
+#usr/share/doc/libxslt-1.1.34/html/html/book1.html
+#usr/share/doc/libxslt-1.1.34/html/html/home.png
+#usr/share/doc/libxslt-1.1.34/html/html/index.html
+#usr/share/doc/libxslt-1.1.34/html/html/left.png
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-attributes.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-documents.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-extensions.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-extra.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-functions.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-imports.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-keys.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-lib.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-namespaces.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-numbersInternals.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-pattern.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-preproc.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-security.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-templates.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-transform.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-variables.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xslt.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltInternals.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltexports.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltlocale.html
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltutils.html
+#usr/share/doc/libxslt-1.1.34/html/html/right.png
+#usr/share/doc/libxslt-1.1.34/html/html/up.png
+#usr/share/doc/libxslt-1.1.34/html/index.html
+#usr/share/doc/libxslt-1.1.34/html/internals.html
+#usr/share/doc/libxslt-1.1.34/html/intro.html
+#usr/share/doc/libxslt-1.1.34/html/news.html
+#usr/share/doc/libxslt-1.1.34/html/node.gif
+#usr/share/doc/libxslt-1.1.34/html/object.gif
+#usr/share/doc/libxslt-1.1.34/html/processing.gif
+#usr/share/doc/libxslt-1.1.34/html/python.html
+#usr/share/doc/libxslt-1.1.34/html/redhat.gif
+#usr/share/doc/libxslt-1.1.34/html/smallfootonly.gif
+#usr/share/doc/libxslt-1.1.34/html/stylesheet.gif
+#usr/share/doc/libxslt-1.1.34/html/templates.gif
+#usr/share/doc/libxslt-1.1.34/html/tutorial
+#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslt_tutorial.c
+#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslttutorial.html
+#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslttutorial.xml
+#usr/share/doc/libxslt-1.1.34/html/tutorial2
+#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.c
+#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.html
+#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.xml
+#usr/share/doc/libxslt-1.1.34/html/xslt.html
+#usr/share/doc/libxslt-1.1.34/html/xsltproc.html
+#usr/share/doc/libxslt-1.1.34/html/xsltproc2.html
#usr/share/man/man1/xsltproc.1
#usr/share/man/man3/libexslt.3
#usr/share/man/man3/libxslt.3
#usr/lib/libpcre2-16.la
#usr/lib/libpcre2-16.so
usr/lib/libpcre2-16.so.0
-usr/lib/libpcre2-16.so.0.10.2
+usr/lib/libpcre2-16.so.0.10.4
#usr/lib/libpcre2-32.la
#usr/lib/libpcre2-32.so
usr/lib/libpcre2-32.so.0
-usr/lib/libpcre2-32.so.0.10.2
+usr/lib/libpcre2-32.so.0.10.4
#usr/lib/libpcre2-8.la
#usr/lib/libpcre2-8.so
usr/lib/libpcre2-8.so.0
-usr/lib/libpcre2-8.so.0.10.2
+usr/lib/libpcre2-8.so.0.10.4
#usr/lib/libpcre2-posix.la
#usr/lib/libpcre2-posix.so
usr/lib/libpcre2-posix.so.3
-usr/lib/libpcre2-posix.so.3.0.0
+usr/lib/libpcre2-posix.so.3.0.1
#usr/lib/pkgconfig/libpcre2-16.pc
#usr/lib/pkgconfig/libpcre2-32.pc
#usr/lib/pkgconfig/libpcre2-8.pc
#usr/lib/pkgconfig/libpcre2-posix.pc
-#usr/share/doc/pcre-pcre2-10.37
-#usr/share/doc/pcre-pcre2-10.37/AUTHORS
-#usr/share/doc/pcre-pcre2-10.37/COPYING
-#usr/share/doc/pcre-pcre2-10.37/ChangeLog
-#usr/share/doc/pcre-pcre2-10.37/LICENCE
-#usr/share/doc/pcre-pcre2-10.37/NEWS
-#usr/share/doc/pcre-pcre2-10.37/README
-#usr/share/doc/pcre-pcre2-10.37/html
-#usr/share/doc/pcre-pcre2-10.37/html/NON-AUTOTOOLS-BUILD.txt
-#usr/share/doc/pcre-pcre2-10.37/html/README.txt
-#usr/share/doc/pcre-pcre2-10.37/html/index.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2-config.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_callout_enumerate.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_copy.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_copy_with_tables.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_copy.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_config.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_copy.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_converted_pattern_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_dfa_match.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_copy.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_error_message.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_mark.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_match_data_size.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_ovector_count.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_ovector_pointer.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_startchar.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_compile.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_free_unused_memory.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_match.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_assign.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_maketables.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_maketables_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_copy.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_create.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_create_from_pattern.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_pattern_convert.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_pattern_info.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_decode.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_encode.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_get_number_of_codes.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_bsr.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_callout.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_character_tables.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_compile_extra_options.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_compile_recursion_guard.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_depth_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_glob_escape.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_glob_separator.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_heap_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_match_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_max_pattern_length.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_newline.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_offset_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_parens_nest_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_recursion_limit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_recursion_memory_management.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_substitute_callout.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substitute.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_copy_byname.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_copy_bynumber.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_get_byname.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_get_bynumber.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_length_byname.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_length_bynumber.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_list_free.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_list_get.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_nametable_scan.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_number_from_name.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2api.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2build.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2callout.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2compat.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2convert.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2demo.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2grep.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2jit.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2limits.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2matching.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2partial.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2pattern.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2perform.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2posix.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2sample.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2serialize.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2syntax.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2test.html
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2unicode.html
-#usr/share/doc/pcre-pcre2-10.37/pcre2-config.txt
-#usr/share/doc/pcre-pcre2-10.37/pcre2.txt
-#usr/share/doc/pcre-pcre2-10.37/pcre2grep.txt
-#usr/share/doc/pcre-pcre2-10.37/pcre2test.txt
+#usr/share/doc/pcre-pcre2-10.39
+#usr/share/doc/pcre-pcre2-10.39/AUTHORS
+#usr/share/doc/pcre-pcre2-10.39/COPYING
+#usr/share/doc/pcre-pcre2-10.39/ChangeLog
+#usr/share/doc/pcre-pcre2-10.39/LICENCE
+#usr/share/doc/pcre-pcre2-10.39/NEWS
+#usr/share/doc/pcre-pcre2-10.39/README
+#usr/share/doc/pcre-pcre2-10.39/html
+#usr/share/doc/pcre-pcre2-10.39/html/NON-AUTOTOOLS-BUILD.txt
+#usr/share/doc/pcre-pcre2-10.39/html/README.txt
+#usr/share/doc/pcre-pcre2-10.39/html/index.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2-config.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_callout_enumerate.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_copy.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_copy_with_tables.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_copy.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_config.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_copy.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_converted_pattern_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_dfa_match.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_copy.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_error_message.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_mark.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_match_data_size.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_ovector_count.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_ovector_pointer.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_startchar.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_compile.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_free_unused_memory.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_match.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_assign.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_maketables.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_maketables_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_copy.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_create.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_create_from_pattern.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_pattern_convert.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_pattern_info.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_decode.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_encode.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_get_number_of_codes.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_bsr.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_callout.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_character_tables.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_compile_extra_options.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_compile_recursion_guard.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_depth_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_glob_escape.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_glob_separator.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_heap_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_match_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_max_pattern_length.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_newline.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_offset_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_parens_nest_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_recursion_limit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_recursion_memory_management.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_substitute_callout.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substitute.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_copy_byname.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_copy_bynumber.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_get_byname.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_get_bynumber.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_length_byname.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_length_bynumber.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_list_free.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_list_get.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_nametable_scan.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_number_from_name.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2api.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2build.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2callout.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2compat.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2convert.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2demo.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2grep.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2jit.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2limits.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2matching.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2partial.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2pattern.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2perform.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2posix.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2sample.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2serialize.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2syntax.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2test.html
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2unicode.html
+#usr/share/doc/pcre-pcre2-10.39/pcre2-config.txt
+#usr/share/doc/pcre-pcre2-10.39/pcre2.txt
+#usr/share/doc/pcre-pcre2-10.39/pcre2grep.txt
+#usr/share/doc/pcre-pcre2-10.39/pcre2test.txt
#usr/share/man/man1/pcre2-config.1
#usr/share/man/man1/pcre2grep.1
#usr/share/man/man1/pcre2test.1
--- /dev/null
+#usr/lib/perl5/site_perl/5.32.1/LWP
+usr/lib/perl5/site_perl/5.32.1/LWP.pm
+#usr/lib/perl5/site_perl/5.32.1/LWP/Authen
+usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Basic.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Digest.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Ntlm.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/ConnCache.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Debug
+usr/lib/perl5/site_perl/5.32.1/LWP/Debug.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Debug/TraceHTTP.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/DebugFile.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/MemberMixin.pm
+#usr/lib/perl5/site_perl/5.32.1/LWP/Protocol
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/cpan.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/data.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/file.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/ftp.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/gopher.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/loopback.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/mailto.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nntp.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nogo.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/RobotUA.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/Simple.pm
+usr/lib/perl5/site_perl/5.32.1/LWP/UserAgent.pm
+#usr/lib/perl5/site_perl/5.32.1/libwww
+usr/lib/perl5/site_perl/5.32.1/libwww/lwpcook.pod
+usr/lib/perl5/site_perl/5.32.1/libwww/lwptut.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww/perl
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww/perl/.packlist
+#usr/share/man/man3/LWP.3
+#usr/share/man/man3/LWP::Authen::Ntlm.3
+#usr/share/man/man3/LWP::ConnCache.3
+#usr/share/man/man3/LWP::Debug.3
+#usr/share/man/man3/LWP::MemberMixin.3
+#usr/share/man/man3/LWP::Protocol.3
+#usr/share/man/man3/LWP::RobotUA.3
+#usr/share/man/man3/LWP::Simple.3
+#usr/share/man/man3/LWP::UserAgent.3
+#usr/share/man/man3/libwww::lwpcook.3
+#usr/share/man/man3/libwww::lwptut.3
usr/lib/python3.8/lib-dynload/_curses.cpython-38-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.8/lib-dynload/_curses_panel.cpython-38-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.8/lib-dynload/_datetime.cpython-38-xxxMACHINExxx-linux-gnu.so
-usr/lib/python3.8/lib-dynload/_dbm.cpython-38-xxxMACHINExxx-linux-gnu_failed.so
+usr/lib/python3.8/lib-dynload/_dbm.cpython-38-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.8/lib-dynload/_decimal.cpython-38-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.8/lib-dynload/_elementtree.cpython-38-xxxMACHINExxx-linux-gnu.so
usr/lib/python3.8/lib-dynload/_gdbm.cpython-38-xxxMACHINExxx-linux-gnu.so
#usr/lib/squid/errors/es
#usr/lib/squid/errors/es-ar
#usr/lib/squid/errors/es-bo
+#usr/lib/squid/errors/es-bz
#usr/lib/squid/errors/es-cl
#usr/lib/squid/errors/es-co
#usr/lib/squid/errors/es-cr
+#usr/lib/squid/errors/es-cu
#usr/lib/squid/errors/es-do
#usr/lib/squid/errors/es-ec
#usr/lib/squid/errors/es-es
#usr/lib/squid/errors/es-gt
#usr/lib/squid/errors/es-hn
#usr/lib/squid/errors/es-mx
+#usr/lib/squid/errors/es-mx/ERR_ACCESS_DENIED
+#usr/lib/squid/errors/es-mx/ERR_ACL_TIME_QUOTA_EXCEEDED
+#usr/lib/squid/errors/es-mx/ERR_AGENT_CONFIGURE
+#usr/lib/squid/errors/es-mx/ERR_AGENT_WPAD
+#usr/lib/squid/errors/es-mx/ERR_CACHE_ACCESS_DENIED
+#usr/lib/squid/errors/es-mx/ERR_CACHE_MGR_ACCESS_DENIED
+#usr/lib/squid/errors/es-mx/ERR_CANNOT_FORWARD
+#usr/lib/squid/errors/es-mx/ERR_CONFLICT_HOST
+#usr/lib/squid/errors/es-mx/ERR_CONNECT_FAIL
+#usr/lib/squid/errors/es-mx/ERR_DIR_LISTING
+#usr/lib/squid/errors/es-mx/ERR_DNS_FAIL
+#usr/lib/squid/errors/es-mx/ERR_ESI
+#usr/lib/squid/errors/es-mx/ERR_FORWARDING_DENIED
+#usr/lib/squid/errors/es-mx/ERR_FTP_DISABLED
+#usr/lib/squid/errors/es-mx/ERR_FTP_FAILURE
+#usr/lib/squid/errors/es-mx/ERR_FTP_FORBIDDEN
+#usr/lib/squid/errors/es-mx/ERR_FTP_NOT_FOUND
+#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_CREATED
+#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_ERROR
+#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_MODIFIED
+#usr/lib/squid/errors/es-mx/ERR_FTP_UNAVAILABLE
+#usr/lib/squid/errors/es-mx/ERR_GATEWAY_FAILURE
+#usr/lib/squid/errors/es-mx/ERR_ICAP_FAILURE
+#usr/lib/squid/errors/es-mx/ERR_INVALID_REQ
+#usr/lib/squid/errors/es-mx/ERR_INVALID_RESP
+#usr/lib/squid/errors/es-mx/ERR_INVALID_URL
+#usr/lib/squid/errors/es-mx/ERR_LIFETIME_EXP
+#usr/lib/squid/errors/es-mx/ERR_NO_RELAY
+#usr/lib/squid/errors/es-mx/ERR_ONLY_IF_CACHED_MISS
+#usr/lib/squid/errors/es-mx/ERR_PRECONDITION_FAILED
+#usr/lib/squid/errors/es-mx/ERR_PROTOCOL_UNKNOWN
+#usr/lib/squid/errors/es-mx/ERR_READ_ERROR
+#usr/lib/squid/errors/es-mx/ERR_READ_TIMEOUT
+#usr/lib/squid/errors/es-mx/ERR_SECURE_CONNECT_FAIL
+#usr/lib/squid/errors/es-mx/ERR_SHUTTING_DOWN
+#usr/lib/squid/errors/es-mx/ERR_SOCKET_FAILURE
+#usr/lib/squid/errors/es-mx/ERR_TOO_BIG
+#usr/lib/squid/errors/es-mx/ERR_UNSUP_HTTPVERSION
+#usr/lib/squid/errors/es-mx/ERR_UNSUP_REQ
+#usr/lib/squid/errors/es-mx/ERR_URN_RESOLVE
+#usr/lib/squid/errors/es-mx/ERR_WRITE_ERROR
+#usr/lib/squid/errors/es-mx/ERR_ZERO_SIZE_OBJECT
+#usr/lib/squid/errors/es-mx/error-details.txt
#usr/lib/squid/errors/es-ni
#usr/lib/squid/errors/es-pa
#usr/lib/squid/errors/es-pe
#usr/lib/squid/errors/sl/ERR_WRITE_ERROR
#usr/lib/squid/errors/sl/ERR_ZERO_SIZE_OBJECT
#usr/lib/squid/errors/sl/error-details.txt
+#usr/lib/squid/errors/spq
#usr/lib/squid/errors/sr
#usr/lib/squid/errors/sr-cyrl
#usr/lib/squid/errors/sr-cyrl-cs
usr/lib/squid/ext_delayer_acl
usr/lib/squid/ext_edirectory_userip_acl
usr/lib/squid/ext_file_userip_acl
+usr/lib/squid/ext_kerberos_sid_group_acl
usr/lib/squid/ext_ldap_group_acl
usr/lib/squid/ext_session_acl
usr/lib/squid/ext_sql_session_acl
-usr/lib/squid/ext_time_quota_acl
usr/lib/squid/ext_unix_group_acl
usr/lib/squid/ext_wbinfo_group_acl
usr/lib/squid/helper-mux
#usr/share/man/man8/ext_delayer_acl.8
#usr/share/man/man8/ext_edirectory_userip_acl.8
#usr/share/man/man8/ext_file_userip_acl.8
+#usr/share/man/man8/ext_kerberos_sid_group_acl.8
#usr/share/man/man8/ext_ldap_group_acl.8
#usr/share/man/man8/ext_session_acl.8
#usr/share/man/man8/ext_sql_session_acl.8
-#usr/share/man/man8/ext_time_quota_acl.8
#usr/share/man/man8/ext_unix_group_acl.8
#usr/share/man/man8/ext_wbinfo_group_acl.8
#usr/share/man/man8/helper-mux.8
#usr/share/suricata/rules/tls-events.rules
var/ipfire/suricata/suricata-default-rules.yaml
var/lib/suricata
-var/lib/suricata/classification.config
-var/lib/suricata/reference.config
-var/lib/suricata/threshold.config
var/log/suricata
#var/log/suricata/certs
#var/log/suricata/files
#usr/include/tdbc.h
#usr/include/tdbcDecls.h
#usr/include/tdbcInt.h
-#usr/lib/itcl4.2.1
-usr/lib/itcl4.2.1/itcl.tcl
-usr/lib/itcl4.2.1/itclConfig.sh
-usr/lib/itcl4.2.1/itclHullCmds.tcl
-usr/lib/itcl4.2.1/itclWidget.tcl
-usr/lib/itcl4.2.1/libitcl4.2.1.so
-usr/lib/itcl4.2.1/libitclstub4.2.1.a
-usr/lib/itcl4.2.1/pkgIndex.tcl
+#usr/lib/itcl4.2.2
+usr/lib/itcl4.2.2/itcl.tcl
+usr/lib/itcl4.2.2/itclConfig.sh
+usr/lib/itcl4.2.2/itclHullCmds.tcl
+usr/lib/itcl4.2.2/itclWidget.tcl
+usr/lib/itcl4.2.2/libitcl4.2.2.so
+usr/lib/itcl4.2.2/libitclstub4.2.2.a
+usr/lib/itcl4.2.2/pkgIndex.tcl
usr/lib/libtcl8.6.so
#usr/lib/libtclstub8.6.a
#usr/lib/pkgconfig/tcl.pc
-#usr/lib/sqlite3.34.0
-usr/lib/sqlite3.34.0/libsqlite3.34.0.so
-usr/lib/sqlite3.34.0/pkgIndex.tcl
+#usr/lib/sqlite3.36.0
+usr/lib/sqlite3.36.0/libsqlite3.36.0.so
+usr/lib/sqlite3.36.0/pkgIndex.tcl
#usr/lib/tcl8
#usr/lib/tcl8.6
usr/lib/tcl8.6/auto.tcl
usr/lib/tcl8.6/encoding
usr/lib/tcl8.6/encoding/ascii.enc
usr/lib/tcl8.6/encoding/big5.enc
+usr/lib/tcl8.6/encoding/cns11643.enc
usr/lib/tcl8.6/encoding/cp1250.enc
usr/lib/tcl8.6/encoding/cp1251.enc
usr/lib/tcl8.6/encoding/cp1252.enc
usr/lib/tcl8.6/encoding/iso2022.enc
usr/lib/tcl8.6/encoding/iso8859-1.enc
usr/lib/tcl8.6/encoding/iso8859-10.enc
+usr/lib/tcl8.6/encoding/iso8859-11.enc
usr/lib/tcl8.6/encoding/iso8859-13.enc
usr/lib/tcl8.6/encoding/iso8859-14.enc
usr/lib/tcl8.6/encoding/iso8859-15.enc
usr/lib/tcl8.6/word.tcl
#usr/lib/tcl8/8.4
usr/lib/tcl8/8.4/platform
-usr/lib/tcl8/8.4/platform-1.0.15.tm
+usr/lib/tcl8/8.4/platform-1.0.18.tm
usr/lib/tcl8/8.4/platform/shell-1.1.4.tm
#usr/lib/tcl8/8.5
usr/lib/tcl8/8.5/msgcat-1.6.1.tm
#usr/lib/tcl8/8.6
usr/lib/tcl8/8.6/http-2.9.5.tm
usr/lib/tcl8/8.6/tdbc
-usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.2.tm
+usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.3.tm
usr/lib/tclConfig.sh
usr/lib/tclooConfig.sh
-#usr/lib/tdbc1.1.2
-usr/lib/tdbc1.1.2/libtdbc1.1.2.so
-usr/lib/tdbc1.1.2/libtdbcstub1.1.2.a
-usr/lib/tdbc1.1.2/pkgIndex.tcl
-usr/lib/tdbc1.1.2/tdbc.tcl
-usr/lib/tdbc1.1.2/tdbcConfig.sh
-#usr/lib/tdbcmysql1.1.2
-usr/lib/tdbcmysql1.1.2/libtdbcmysql1.1.2.so
-usr/lib/tdbcmysql1.1.2/pkgIndex.tcl
-usr/lib/tdbcmysql1.1.2/tdbcmysql.tcl
-#usr/lib/tdbcodbc1.1.2
-usr/lib/tdbcodbc1.1.2/libtdbcodbc1.1.2.so
-usr/lib/tdbcodbc1.1.2/pkgIndex.tcl
-usr/lib/tdbcodbc1.1.2/tdbcodbc.tcl
-#usr/lib/tdbcpostgres1.1.2
-usr/lib/tdbcpostgres1.1.2/libtdbcpostgres1.1.2.so
-usr/lib/tdbcpostgres1.1.2/pkgIndex.tcl
-usr/lib/tdbcpostgres1.1.2/tdbcpostgres.tcl
-#usr/lib/thread2.8.6
-usr/lib/thread2.8.6/libthread2.8.6.so
-usr/lib/thread2.8.6/pkgIndex.tcl
-usr/lib/thread2.8.6/ttrace.tcl
+usr/lib/tdbc1.1.3
+usr/lib/tdbc1.1.3/libtdbc1.1.3.so
+usr/lib/tdbc1.1.3/libtdbcstub1.1.3.a
+usr/lib/tdbc1.1.3/pkgIndex.tcl
+usr/lib/tdbc1.1.3/tdbc.tcl
+usr/lib/tdbc1.1.3/tdbcConfig.sh
+#usr/lib/tdbcmysql1.1.3
+usr/lib/tdbcmysql1.1.3/libtdbcmysql1.1.3.so
+usr/lib/tdbcmysql1.1.3/pkgIndex.tcl
+usr/lib/tdbcmysql1.1.3/tdbcmysql.tcl
+#usr/lib/tdbcodbc1.1.3
+usr/lib/tdbcodbc1.1.3/libtdbcodbc1.1.3.so
+usr/lib/tdbcodbc1.1.3/pkgIndex.tcl
+usr/lib/tdbcodbc1.1.3/tdbcodbc.tcl
+#usr/lib/tdbcpostgres1.1.3
+usr/lib/tdbcpostgres1.1.3/libtdbcpostgres1.1.3.so
+usr/lib/tdbcpostgres1.1.3/pkgIndex.tcl
+usr/lib/tdbcpostgres1.1.3/tdbcpostgres.tcl
+#usr/lib/thread2.8.7
+usr/lib/thread2.8.7/libthread2.8.7.so
+usr/lib/thread2.8.7/pkgIndex.tcl
+usr/lib/thread2.8.7/ttrace.tcl
#usr/man/man1/tclsh.1
+#usr/man/man3
#usr/man/man3/DString.3
#usr/man/man3/Notifier.3
#usr/man/man3/RegExp.3
#usr/man/man3/Tcl_GetLongFromObj.3
#usr/man/man3/Tcl_GetMaster.3
#usr/man/man3/Tcl_GetMathFuncInfo.3
+#usr/man/man3/Tcl_GetMemoryInfo.3
#usr/man/man3/Tcl_GetModeFromStat.3
#usr/man/man3/Tcl_GetModificationTimeFromStat.3
#usr/man/man3/Tcl_GetNameOfExecutable.3
#usr/man/man3/Tcl_LoadFile.3
#usr/man/man3/Tcl_LogCommandInfo.3
#usr/man/man3/Tcl_Main.3
+#usr/man/man3/Tcl_MainEx.3
+#usr/man/man3/Tcl_MainExW.3
#usr/man/man3/Tcl_MakeFileChannel.3
#usr/man/man3/Tcl_MakeSafe.3
#usr/man/man3/Tcl_MakeTcpClientChannel.3
usr/bin/lsusb.py
usr/bin/usb-devices
usr/bin/usbhid-dump
-usr/sbin/update-usbids.sh
-#usr/share/hwdata
-#usr/share/hwdata/usb.ids
#usr/share/man/man1/usb-devices.1
#usr/share/man/man8/lsusb.8
#usr/share/man/man8/usbhid-dump.8
-#usr/share/pkgconfig
-#usr/share/pkgconfig/usbutils.pc
srv/web/ipfire/html/images/wakeup.gif
srv/web/ipfire/html/images/window-new.png
srv/web/ipfire/html/include
+srv/web/ipfire/html/include/pakfire.js
srv/web/ipfire/html/include/rrdimage.js
srv/web/ipfire/html/include/zoneconf.js
srv/web/ipfire/html/index.cgi
#usr/lib/libzstd.a
#usr/lib/libzstd.so
usr/lib/libzstd.so.1
-usr/lib/libzstd.so.1.5.0
+usr/lib/libzstd.so.1.5.1
#usr/lib/pkgconfig/libzstd.pc
#usr/share/man/man1/unzstd.1
#usr/share/man/man1/zstd.1
--- /dev/null
+../../../common/expat
\ No newline at end of file
--- /dev/null
+etc/collectd.conf
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/squid
+etc/suricata/suricata.yaml
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/optionsfw.cgi
+srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/html/include/pakfire.js
+usr/sbin/convert-ids-multiple-providers
+usr/sbin/convert-snort
+var/ipfire/backup/bin/backup.pl
+var/ipfire/backup/include
+var/ipfire/graphs.pl
+var/ipfire/ids-functions.pl
+var/ipfire/urlfilter/autoupdate/autoupdate.urls
--- /dev/null
+../../../common/gdbm
\ No newline at end of file
--- /dev/null
+../../../common/hdparm
\ No newline at end of file
--- /dev/null
+../../../common/ids-ruleset-sources
\ No newline at end of file
--- /dev/null
+../../../common/kmod
\ No newline at end of file
--- /dev/null
+../../../common/libusb
\ No newline at end of file
--- /dev/null
+../../../common/libxml2
\ No newline at end of file
--- /dev/null
+../../../common/libxslt
\ No newline at end of file
--- /dev/null
+../../../common/lvm2
\ No newline at end of file
--- /dev/null
+../../../common/oinkmaster
\ No newline at end of file
--- /dev/null
+../../../common/pcre2
\ No newline at end of file
--- /dev/null
+../../../common/poppler-data
\ No newline at end of file
--- /dev/null
+../../../common/tcl
\ No newline at end of file
--- /dev/null
+../../../common/usbutils
\ No newline at end of file
--- /dev/null
+../../../common/zstd
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2022 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=164
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # force fsck at next boot, this may fix free space on xfs
+ touch /forcefsck
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove files
+
+# Stop services
+/etc/init.d/collectd stop
+/etc/init.d/suricata stop
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Filesytem cleanup
+/usr/local/bin/filesystem-cleanup
+
+# Run convert script for IDS multiple providers
+/usr/sbin/convert-ids-multiple-providers
+
+# Add missing configuration settings to optionsfw configuration
+echo "DROPHOSTILE=off" > /var/ipfire/optionsfw/settings
+echo "DROPSPOOFEDMARTIAN=on" > /var/ipfire/optionsfw/settings
+
+# Start services
+/etc/init.d/firewall restart
+/etc/init.d/collectd start
+/etc/init.d/squid restart
+/etc/init.d/suricata start
+
+# This update needs a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
+
--- /dev/null
+etc/system-release
+etc/issue
+etc/os-release
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
--- /dev/null
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+usr/share/xt_geoip
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/firewall/locationblock
+var/ipfire/fwhosts/customlocationgrp
+var/ipfire/ovpn
+var/ipfire/urlfilter/blacklist
+var/ipfire/urlfilter/settings
+var/lib/alternatives
+var/lib/location/database.db
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
--- /dev/null
+../../../common/freetype
\ No newline at end of file
--- /dev/null
+../../../common/squid
\ No newline at end of file
usr/bin/netcat
+#usr/info
#usr/info/dir
#usr/info/netcat.info
#usr/man/man1/netcat.1
#etc/libvirt/nwfilter/allow-arp.xml
#etc/libvirt/nwfilter/allow-dhcp-server.xml
#etc/libvirt/nwfilter/allow-dhcp.xml
+#etc/libvirt/nwfilter/allow-dhcpv6-server.xml
+#etc/libvirt/nwfilter/allow-dhcpv6.xml
#etc/libvirt/nwfilter/allow-incoming-ipv4.xml
+#etc/libvirt/nwfilter/allow-incoming-ipv6.xml
#etc/libvirt/nwfilter/allow-ipv4.xml
+#etc/libvirt/nwfilter/allow-ipv6.xml
#etc/libvirt/nwfilter/clean-traffic-gateway.xml
#etc/libvirt/nwfilter/clean-traffic.xml
#etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
#etc/libvirt/nwfilter/no-arp-spoofing.xml
#etc/libvirt/nwfilter/no-ip-multicast.xml
#etc/libvirt/nwfilter/no-ip-spoofing.xml
+#etc/libvirt/nwfilter/no-ipv6-multicast.xml
+#etc/libvirt/nwfilter/no-ipv6-spoofing.xml
#etc/libvirt/nwfilter/no-mac-broadcast.xml
#etc/libvirt/nwfilter/no-mac-spoofing.xml
#etc/libvirt/nwfilter/no-other-l2-traffic.xml
etc/libvirt/qemu-lockd.conf
etc/libvirt/qemu.conf
etc/libvirt/virt-login-shell.conf
+etc/libvirt/virtchd.conf
etc/libvirt/virtinterfaced.conf
etc/libvirt/virtlockd.conf
etc/libvirt/virtlogd.conf
usr/bin/virt-admin
usr/bin/virt-host-validate
usr/bin/virt-login-shell
+usr/bin/virt-pki-query-dn
usr/bin/virt-pki-validate
usr/bin/virt-qemu-run
+usr/bin/virt-ssh-helper
usr/bin/virt-xml-validate
#usr/include/libvirt
#usr/include/libvirt/libvirt-admin.h
#usr/include/libvirt/libvirt.h
#usr/include/libvirt/virterror.h
#usr/lib/libvirt
-#usr/lib/libvirt-admin.la
#usr/lib/libvirt-admin.so
usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.6005.0
-#usr/lib/libvirt-lxc.la
+usr/lib/libvirt-admin.so.0.7010.0
#usr/lib/libvirt-lxc.so
usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.6005.0
-#usr/lib/libvirt-qemu.la
+usr/lib/libvirt-lxc.so.0.7010.0
#usr/lib/libvirt-qemu.so
usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.6005.0
-#usr/lib/libvirt.la
+usr/lib/libvirt-qemu.so.0.7010.0
#usr/lib/libvirt.so
usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.6005.0
+usr/lib/libvirt.so.0.7010.0
#usr/lib/libvirt/connection-driver
-#usr/lib/libvirt/connection-driver/libvirt_driver_interface.la
+usr/lib/libvirt/connection-driver/libvirt_driver_ch.so
usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
-#usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.la
usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.so
-#usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.la
usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
-#usr/lib/libvirt/connection-driver/libvirt_driver_qemu.la
usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
-#usr/lib/libvirt/connection-driver/libvirt_driver_secret.la
usr/lib/libvirt/connection-driver/libvirt_driver_secret.so
-#usr/lib/libvirt/connection-driver/libvirt_driver_storage.la
usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
#usr/lib/libvirt/lock-driver
-#usr/lib/libvirt/lock-driver/lockd.la
usr/lib/libvirt/lock-driver/lockd.so
#usr/lib/libvirt/storage-backend
-#usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.la
usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.so
-#usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.la
usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.so
+usr/lib/libvirt/storage-backend/libvirt_storage_backend_vstorage.so
#usr/lib/libvirt/storage-file
-#usr/lib/libvirt/storage-file/libvirt_storage_file_fs.la
usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so
#usr/lib/pkgconfig/libvirt-admin.pc
#usr/lib/pkgconfig/libvirt-lxc.pc
usr/libexec/libvirt_iohelper
usr/libexec/virt-login-shell-helper
usr/sbin/libvirtd
+usr/sbin/virtchd
usr/sbin/virtinterfaced
usr/sbin/virtlockd
usr/sbin/virtlogd
#usr/share/augeas/lenses/tests/test_libvirt_lockd.aug
#usr/share/augeas/lenses/tests/test_libvirtd.aug
#usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug
+#usr/share/augeas/lenses/tests/test_virtchd.aug
#usr/share/augeas/lenses/tests/test_virtinterfaced.aug
#usr/share/augeas/lenses/tests/test_virtlockd.aug
#usr/share/augeas/lenses/tests/test_virtlogd.aug
#usr/share/augeas/lenses/tests/test_virtqemud.aug
#usr/share/augeas/lenses/tests/test_virtsecretd.aug
#usr/share/augeas/lenses/tests/test_virtstoraged.aug
+#usr/share/augeas/lenses/virtchd.aug
#usr/share/augeas/lenses/virtinterfaced.aug
#usr/share/augeas/lenses/virtlockd.aug
#usr/share/augeas/lenses/virtlogd.aug
#usr/share/doc/libvirt/examples/xml/test/testnodeinline.xml
#usr/share/doc/libvirt/examples/xml/test/testpool.xml
#usr/share/doc/libvirt/examples/xml/test/testvol.xml
-#usr/share/doc/libvirt/html
-#usr/share/doc/libvirt/html/404.html
-#usr/share/doc/libvirt/html/acl.html
-#usr/share/doc/libvirt/html/aclpolkit.html
-#usr/share/doc/libvirt/html/advanced-tests.html
-#usr/share/doc/libvirt/html/android-chrome-192x192.png
-#usr/share/doc/libvirt/html/android-chrome-256x256.png
-#usr/share/doc/libvirt/html/api.html
-#usr/share/doc/libvirt/html/api_extension.html
-#usr/share/doc/libvirt/html/apple-touch-icon.png
-#usr/share/doc/libvirt/html/apps.html
-#usr/share/doc/libvirt/html/architecture.gif
-#usr/share/doc/libvirt/html/architecture.html
-#usr/share/doc/libvirt/html/auditlog.html
-#usr/share/doc/libvirt/html/auth.html
-#usr/share/doc/libvirt/html/best-practices.html
-#usr/share/doc/libvirt/html/bindings.html
-#usr/share/doc/libvirt/html/browserconfig.xml
-#usr/share/doc/libvirt/html/bugs.html
-#usr/share/doc/libvirt/html/cgroups.html
-#usr/share/doc/libvirt/html/ci.html
-#usr/share/doc/libvirt/html/coding-style.html
-#usr/share/doc/libvirt/html/committer-guidelines.html
-#usr/share/doc/libvirt/html/compiling.html
-#usr/share/doc/libvirt/html/contact.html
-#usr/share/doc/libvirt/html/contribute.html
-#usr/share/doc/libvirt/html/csharp.html
-#usr/share/doc/libvirt/html/daemons.html
-#usr/share/doc/libvirt/html/dbus.html
-#usr/share/doc/libvirt/html/developer-tooling.html
-#usr/share/doc/libvirt/html/devguide.html
-#usr/share/doc/libvirt/html/docs.html
-#usr/share/doc/libvirt/html/downloads.html
-#usr/share/doc/libvirt/html/drivers.html
-#usr/share/doc/libvirt/html/drvbhyve.html
-#usr/share/doc/libvirt/html/drvesx.html
-#usr/share/doc/libvirt/html/drvhyperv.html
-#usr/share/doc/libvirt/html/drvlxc.html
-#usr/share/doc/libvirt/html/drvnodedev.html
-#usr/share/doc/libvirt/html/drvopenvz.html
-#usr/share/doc/libvirt/html/drvqemu.html
-#usr/share/doc/libvirt/html/drvremote.html
-#usr/share/doc/libvirt/html/drvsecret.html
-#usr/share/doc/libvirt/html/drvtest.html
-#usr/share/doc/libvirt/html/drvvbox.html
-#usr/share/doc/libvirt/html/drvvirtuozzo.html
-#usr/share/doc/libvirt/html/drvvmware.html
-#usr/share/doc/libvirt/html/drvxen.html
-#usr/share/doc/libvirt/html/errors.html
-#usr/share/doc/libvirt/html/favicon-16x16.png
-#usr/share/doc/libvirt/html/favicon-32x32.png
-#usr/share/doc/libvirt/html/favicon.ico
-#usr/share/doc/libvirt/html/firewall.html
-#usr/share/doc/libvirt/html/fonts
-#usr/share/doc/libvirt/html/fonts/LICENSE.rst
-#usr/share/doc/libvirt/html/fonts/overpass-bold-italic.woff
-#usr/share/doc/libvirt/html/fonts/overpass-bold.woff
-#usr/share/doc/libvirt/html/fonts/overpass-italic.woff
-#usr/share/doc/libvirt/html/fonts/overpass-light-italic.woff
-#usr/share/doc/libvirt/html/fonts/overpass-light.woff
-#usr/share/doc/libvirt/html/fonts/overpass-mono-bold.woff
-#usr/share/doc/libvirt/html/fonts/overpass-mono-light.woff
-#usr/share/doc/libvirt/html/fonts/overpass-mono-regular.woff
-#usr/share/doc/libvirt/html/fonts/overpass-mono-semibold.woff
-#usr/share/doc/libvirt/html/fonts/overpass-regular.woff
-#usr/share/doc/libvirt/html/fonts/stylesheet.css
-#usr/share/doc/libvirt/html/format.html
-#usr/share/doc/libvirt/html/formatbackup.html
-#usr/share/doc/libvirt/html/formatcaps.html
-#usr/share/doc/libvirt/html/formatcheckpoint.html
-#usr/share/doc/libvirt/html/formatdomain.html
-#usr/share/doc/libvirt/html/formatdomaincaps.html
-#usr/share/doc/libvirt/html/formatnetwork.html
-#usr/share/doc/libvirt/html/formatnetworkport.html
-#usr/share/doc/libvirt/html/formatnode.html
-#usr/share/doc/libvirt/html/formatnwfilter.html
-#usr/share/doc/libvirt/html/formatsecret.html
-#usr/share/doc/libvirt/html/formatsnapshot.html
-#usr/share/doc/libvirt/html/formatstorage.html
-#usr/share/doc/libvirt/html/formatstoragecaps.html
-#usr/share/doc/libvirt/html/formatstorageencryption.html
-#usr/share/doc/libvirt/html/generic.css
-#usr/share/doc/libvirt/html/goals.html
-#usr/share/doc/libvirt/html/governance.html
-#usr/share/doc/libvirt/html/hacking.html
-#usr/share/doc/libvirt/html/hooks.html
-#usr/share/doc/libvirt/html/html
-#usr/share/doc/libvirt/html/html/home.png
-#usr/share/doc/libvirt/html/html/index-admin.html
-#usr/share/doc/libvirt/html/html/index-lxc.html
-#usr/share/doc/libvirt/html/html/index-qemu.html
-#usr/share/doc/libvirt/html/html/index.html
-#usr/share/doc/libvirt/html/html/left.png
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-admin.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-common.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-checkpoint.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-snapshot.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-event.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-host.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-interface.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-lxc.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-network.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-nodedev.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-nwfilter.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-qemu.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-secret.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-storage.html
-#usr/share/doc/libvirt/html/html/libvirt-libvirt-stream.html
-#usr/share/doc/libvirt/html/html/libvirt-virterror.html
-#usr/share/doc/libvirt/html/html/right.png
-#usr/share/doc/libvirt/html/html/up.png
-#usr/share/doc/libvirt/html/hvsupport.html
-#usr/share/doc/libvirt/html/index.html
-#usr/share/doc/libvirt/html/internals
-#usr/share/doc/libvirt/html/internals.html
-#usr/share/doc/libvirt/html/internals/command.html
-#usr/share/doc/libvirt/html/internals/eventloop.html
-#usr/share/doc/libvirt/html/internals/locking.html
-#usr/share/doc/libvirt/html/internals/rpc.html
-#usr/share/doc/libvirt/html/java.html
-#usr/share/doc/libvirt/html/js
-#usr/share/doc/libvirt/html/js/main.js
-#usr/share/doc/libvirt/html/kbase
-#usr/share/doc/libvirt/html/kbase.html
-#usr/share/doc/libvirt/html/kbase/backing_chains.html
-#usr/share/doc/libvirt/html/kbase/domainstatecapture.html
-#usr/share/doc/libvirt/html/kbase/incrementalbackupinternals.html
-#usr/share/doc/libvirt/html/kbase/kvm-realtime.html
-#usr/share/doc/libvirt/html/kbase/launch_security_sev.html
-#usr/share/doc/libvirt/html/kbase/locking-lockd.html
-#usr/share/doc/libvirt/html/kbase/locking-sanlock.html
-#usr/share/doc/libvirt/html/kbase/locking.html
-#usr/share/doc/libvirt/html/kbase/qemu-passthrough-security.html
-#usr/share/doc/libvirt/html/kbase/rpm-deployment.html
-#usr/share/doc/libvirt/html/kbase/s390_protected_virt.html
-#usr/share/doc/libvirt/html/kbase/secureusage.html
-#usr/share/doc/libvirt/html/kbase/virtiofs.html
-#usr/share/doc/libvirt/html/libvirt-daemon-arch.png
-#usr/share/doc/libvirt/html/libvirt-driver-arch.png
-#usr/share/doc/libvirt/html/libvirt-go-xml.html
-#usr/share/doc/libvirt/html/libvirt-go.html
-#usr/share/doc/libvirt/html/libvirt-object-model.png
-#usr/share/doc/libvirt/html/libvirt-virConnect-example.png
-#usr/share/doc/libvirt/html/libvirt.css
-#usr/share/doc/libvirt/html/logging.html
-#usr/share/doc/libvirt/html/logos
-#usr/share/doc/libvirt/html/logos/logo-banner-dark-256.png
-#usr/share/doc/libvirt/html/logos/logo-banner-dark-800.png
-#usr/share/doc/libvirt/html/logos/logo-banner-dark.svg
-#usr/share/doc/libvirt/html/logos/logo-banner-light-256.png
-#usr/share/doc/libvirt/html/logos/logo-banner-light-800.png
-#usr/share/doc/libvirt/html/logos/logo-banner-light.svg
-#usr/share/doc/libvirt/html/logos/logo-base.svg
-#usr/share/doc/libvirt/html/logos/logo-square-128.png
-#usr/share/doc/libvirt/html/logos/logo-square-192.png
-#usr/share/doc/libvirt/html/logos/logo-square-256.png
-#usr/share/doc/libvirt/html/logos/logo-square-96.png
-#usr/share/doc/libvirt/html/logos/logo-square-powered-128.png
-#usr/share/doc/libvirt/html/logos/logo-square-powered-192.png
-#usr/share/doc/libvirt/html/logos/logo-square-powered-256.png
-#usr/share/doc/libvirt/html/logos/logo-square-powered-96.png
-#usr/share/doc/libvirt/html/logos/logo-square-powered.svg
-#usr/share/doc/libvirt/html/logos/logo-square.svg
-#usr/share/doc/libvirt/html/main.css
-#usr/share/doc/libvirt/html/manifest.json
-#usr/share/doc/libvirt/html/manpages
-#usr/share/doc/libvirt/html/manpages/index.html
-#usr/share/doc/libvirt/html/manpages/libvirtd.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-atset1.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-atset2.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-atset3.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-linux.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-osx.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-qnum.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-usb.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-win32.html
-#usr/share/doc/libvirt/html/manpages/virkeycode-xtkbd.html
-#usr/share/doc/libvirt/html/manpages/virkeyname-linux.html
-#usr/share/doc/libvirt/html/manpages/virkeyname-osx.html
-#usr/share/doc/libvirt/html/manpages/virkeyname-win32.html
-#usr/share/doc/libvirt/html/manpages/virsh.html
-#usr/share/doc/libvirt/html/manpages/virt-admin.html
-#usr/share/doc/libvirt/html/manpages/virt-host-validate.html
-#usr/share/doc/libvirt/html/manpages/virt-login-shell.html
-#usr/share/doc/libvirt/html/manpages/virt-pki-validate.html
-#usr/share/doc/libvirt/html/manpages/virt-qemu-run.html
-#usr/share/doc/libvirt/html/manpages/virt-sanlock-cleanup.html
-#usr/share/doc/libvirt/html/manpages/virt-xml-validate.html
-#usr/share/doc/libvirt/html/manpages/virtlockd.html
-#usr/share/doc/libvirt/html/manpages/virtlogd.html
-#usr/share/doc/libvirt/html/migration-managed-direct.png
-#usr/share/doc/libvirt/html/migration-managed-p2p.png
-#usr/share/doc/libvirt/html/migration-native.png
-#usr/share/doc/libvirt/html/migration-tunnel.png
-#usr/share/doc/libvirt/html/migration-unmanaged-direct.png
-#usr/share/doc/libvirt/html/migration.html
-#usr/share/doc/libvirt/html/mobile.css
-#usr/share/doc/libvirt/html/mstile-150x150.png
-#usr/share/doc/libvirt/html/newreposetup.html
-#usr/share/doc/libvirt/html/news.html
-#usr/share/doc/libvirt/html/node.gif
-#usr/share/doc/libvirt/html/nss.html
-#usr/share/doc/libvirt/html/pci-addresses.html
-#usr/share/doc/libvirt/html/pci-hotplug.html
-#usr/share/doc/libvirt/html/php.html
-#usr/share/doc/libvirt/html/platforms.html
-#usr/share/doc/libvirt/html/programming-languages.html
-#usr/share/doc/libvirt/html/python.html
-#usr/share/doc/libvirt/html/remote.html
-#usr/share/doc/libvirt/html/securityprocess.html
-#usr/share/doc/libvirt/html/storage.html
-#usr/share/doc/libvirt/html/strategy.html
-#usr/share/doc/libvirt/html/styleguide.html
-#usr/share/doc/libvirt/html/submitting-patches.html
-#usr/share/doc/libvirt/html/support.html
-#usr/share/doc/libvirt/html/testapi.html
-#usr/share/doc/libvirt/html/testsuites.html
-#usr/share/doc/libvirt/html/testtck.html
-#usr/share/doc/libvirt/html/tlscerts.html
-#usr/share/doc/libvirt/html/uri.html
-#usr/share/doc/libvirt/html/virshcmdref.html
-#usr/share/doc/libvirt/html/windows.html
#usr/share/libvirt
-#usr/share/libvirt/api
-usr/share/libvirt/api/libvirt-admin-api.xml
-usr/share/libvirt/api/libvirt-api.xml
-usr/share/libvirt/api/libvirt-lxc-api.xml
-usr/share/libvirt/api/libvirt-qemu-api.xml
#usr/share/libvirt/cpu_map
+#usr/share/libvirt/cpu_map/arm_FT-2000plus.xml
#usr/share/libvirt/cpu_map/arm_Falkor.xml
#usr/share/libvirt/cpu_map/arm_Kunpeng-920.xml
+#usr/share/libvirt/cpu_map/arm_Tengyun-S2500.xml
#usr/share/libvirt/cpu_map/arm_ThunderX299xx.xml
#usr/share/libvirt/cpu_map/arm_cortex-a53.xml
#usr/share/libvirt/cpu_map/arm_cortex-a57.xml
usr/share/libvirt/cpu_map/x86_Cooperlake.xml
usr/share/libvirt/cpu_map/x86_Dhyana.xml
usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml
usr/share/libvirt/cpu_map/x86_EPYC.xml
usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml
usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml
usr/share/libvirt/cpu_map/x86_Skylake-Server-IBRS.xml
usr/share/libvirt/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml
usr/share/libvirt/cpu_map/x86_Skylake-Server.xml
+usr/share/libvirt/cpu_map/x86_Snowridge.xml
usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml
usr/share/libvirt/cpu_map/x86_Westmere.xml
usr/share/libvirt/cpu_map/x86_athlon.xml
usr/share/libvirt/cpu_map/x86_qemu32.xml
usr/share/libvirt/cpu_map/x86_qemu64.xml
usr/share/libvirt/cpu_map/x86_vendors.xml
-#usr/share/libvirt/schemas
-usr/share/libvirt/schemas/basictypes.rng
-usr/share/libvirt/schemas/capability.rng
-usr/share/libvirt/schemas/cputypes.rng
-usr/share/libvirt/schemas/domain.rng
-#usr/share/libvirt/schemas/domainbackup.rng
-usr/share/libvirt/schemas/domaincaps.rng
-usr/share/libvirt/schemas/domaincheckpoint.rng
-usr/share/libvirt/schemas/domaincommon.rng
-usr/share/libvirt/schemas/domainsnapshot.rng
-usr/share/libvirt/schemas/interface.rng
-usr/share/libvirt/schemas/network.rng
-usr/share/libvirt/schemas/networkcommon.rng
-usr/share/libvirt/schemas/networkport.rng
-usr/share/libvirt/schemas/nodedev.rng
-usr/share/libvirt/schemas/nwfilter.rng
-usr/share/libvirt/schemas/nwfilter_params.rng
-usr/share/libvirt/schemas/nwfilterbinding.rng
-usr/share/libvirt/schemas/secret.rng
-usr/share/libvirt/schemas/storagecommon.rng
-usr/share/libvirt/schemas/storagepool.rng
-usr/share/libvirt/schemas/storagepoolcaps.rng
-usr/share/libvirt/schemas/storagevol.rng
#usr/share/libvirt/test-screenshot.png
-#usr/share/man/man1/virsh.1
-#usr/share/man/man1/virt-admin.1
-#usr/share/man/man1/virt-host-validate.1
-#usr/share/man/man1/virt-login-shell.1
-#usr/share/man/man1/virt-pki-validate.1
-#usr/share/man/man1/virt-qemu-run.1
-#usr/share/man/man1/virt-xml-validate.1
-#usr/share/man/man7/virkeycode-atset1.7
-#usr/share/man/man7/virkeycode-atset2.7
-#usr/share/man/man7/virkeycode-atset3.7
-#usr/share/man/man7/virkeycode-linux.7
-#usr/share/man/man7/virkeycode-osx.7
-#usr/share/man/man7/virkeycode-qnum.7
-#usr/share/man/man7/virkeycode-usb.7
-#usr/share/man/man7/virkeycode-win32.7
-#usr/share/man/man7/virkeycode-xtkbd.7
-#usr/share/man/man7/virkeyname-linux.7
-#usr/share/man/man7/virkeyname-osx.7
-#usr/share/man/man7/virkeyname-win32.7
-#usr/share/man/man8/libvirtd.8
-#usr/share/man/man8/virtlockd.8
-#usr/share/man/man8/virtlogd.8
+#usr/share/locale/as/LC_MESSAGES/libvirt.mo
+#usr/share/locale/bg/LC_MESSAGES/libvirt.mo
+#usr/share/locale/bn_IN/LC_MESSAGES/libvirt.mo
+#usr/share/locale/bs/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ca/LC_MESSAGES/libvirt.mo
+#usr/share/locale/cs/LC_MESSAGES/libvirt.mo
+#usr/share/locale/da/LC_MESSAGES/libvirt.mo
+#usr/share/locale/de/LC_MESSAGES/libvirt.mo
+#usr/share/locale/el/LC_MESSAGES/libvirt.mo
+#usr/share/locale/en_GB/LC_MESSAGES/libvirt.mo
+#usr/share/locale/es/LC_MESSAGES/libvirt.mo
+#usr/share/locale/fi/LC_MESSAGES/libvirt.mo
+#usr/share/locale/fr/LC_MESSAGES/libvirt.mo
+#usr/share/locale/gu/LC_MESSAGES/libvirt.mo
+#usr/share/locale/hi/LC_MESSAGES/libvirt.mo
+#usr/share/locale/hu/LC_MESSAGES/libvirt.mo
+#usr/share/locale/id/LC_MESSAGES/libvirt.mo
+#usr/share/locale/it/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ja/LC_MESSAGES/libvirt.mo
+#usr/share/locale/kn/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ko/LC_MESSAGES/libvirt.mo
+#usr/share/locale/mk/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ml/LC_MESSAGES/libvirt.mo
+#usr/share/locale/mr/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ms/LC_MESSAGES/libvirt.mo
+#usr/share/locale/nb/LC_MESSAGES/libvirt.mo
+#usr/share/locale/nl/LC_MESSAGES/libvirt.mo
+#usr/share/locale/or/LC_MESSAGES/libvirt.mo
+#usr/share/locale/pa/LC_MESSAGES/libvirt.mo
+#usr/share/locale/pl/LC_MESSAGES/libvirt.mo
+#usr/share/locale/pt/LC_MESSAGES/libvirt.mo
+#usr/share/locale/pt_BR/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ru/LC_MESSAGES/libvirt.mo
+#usr/share/locale/si/LC_MESSAGES/libvirt.mo
+#usr/share/locale/sr/LC_MESSAGES/libvirt.mo
+#usr/share/locale/sr@latin/LC_MESSAGES/libvirt.mo
+#usr/share/locale/sv/LC_MESSAGES/libvirt.mo
+#usr/share/locale/ta/LC_MESSAGES/libvirt.mo
+#usr/share/locale/te/LC_MESSAGES/libvirt.mo
+#usr/share/locale/tr/LC_MESSAGES/libvirt.mo
+#usr/share/locale/uk/LC_MESSAGES/libvirt.mo
+#usr/share/locale/vi/LC_MESSAGES/libvirt.mo
+#usr/share/locale/zh_CN/LC_MESSAGES/libvirt.mo
+#usr/share/locale/zh_TW/LC_MESSAGES/libvirt.mo
#var/cache/libvirt
#var/cache/libvirt/qemu
var/ipfire/backup/addons/includes/libvirt
#var/lib/libvirt
#var/lib/libvirt/boot
+#var/lib/libvirt/ch
#var/lib/libvirt/filesystems
#var/lib/libvirt/images
#var/lib/libvirt/lockd
+#usr/lib/perl5/site_perl/5.32.1/File
usr/lib/perl5/site_perl/5.32.1/File/ReadBackwards.pm
#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File
#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/ReadBackwards
#usr/lib/python3.8/site-packages/easy-install.pth
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/PKG-INFO
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/SOURCES.txt
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/dependency_links.txt
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/entry_points.txt
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/not-zip-safe
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/requires.txt
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/top_level.txt
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack/override.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/__init__.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/appdirs.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/__about__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_structures.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_typing.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/markers.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/requirements.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/specifiers.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/tags.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/utils.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/version.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/pyparsing.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/extern
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/extern/__init__.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data/my-test-package-source
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data/my-test-package-source/setup.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_deprecation_warning.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/_msvccompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/archive_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/bcppcompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/ccompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/cmd.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_dumb.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_msi.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_rpm.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_wininst.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_clib.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_ext.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_py.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_scripts.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/check.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/clean.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/config.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_data.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_egg_info.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_headers.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_lib.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_scripts.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/py37compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/register.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/sdist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/upload.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/config.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/core.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/cygwinccompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/debug.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dep_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dir_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/errors.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/extension.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/fancy_getopt.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/file_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/filelist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/log.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/msvc9compiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/msvccompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/py35compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/py38compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/spawn.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/sysconfig.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/text_file.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/unixccompiler.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/version.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/versionpredicate.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_imp.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/ordered_set.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/__about__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_structures.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_typing.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/markers.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/requirements.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/specifiers.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/tags.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/utils.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/version.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/pyparsing.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/archive_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/build_meta.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli-32.exe
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli-64.exe
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli.exe
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/alias.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/bdist_egg.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/bdist_rpm.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_clib.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_ext.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_py.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/develop.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/dist_info.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/easy_install.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/egg_info.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_egg_info.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_lib.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_scripts.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/launcher
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/PKG-INFO
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/SOURCES.txt
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/dependency_links.txt
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/entry_points.txt
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/not-zip-safe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/requires.txt
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/top_level.txt
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack/override.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/__init__.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/appdirs.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/__about__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_structures.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_typing.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/markers.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/requirements.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/specifiers.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/tags.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/utils.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/version.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/pyparsing.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/extern
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/extern/__init__.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data/my-test-package-source
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data/my-test-package-source/setup.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_deprecation_warning.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/_msvccompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/archive_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/bcppcompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/ccompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/cmd.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_dumb.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_msi.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_rpm.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_wininst.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_clib.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_ext.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_py.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_scripts.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/check.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/clean.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/config.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_data.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_egg_info.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_headers.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_lib.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_scripts.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/py37compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/register.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/sdist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/upload.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/config.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/core.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/cygwinccompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/debug.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dep_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dir_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/errors.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/extension.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/fancy_getopt.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/file_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/filelist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/log.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/msvc9compiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/msvccompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/py35compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/py38compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/spawn.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/sysconfig.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/text_file.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/unixccompiler.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/version.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/versionpredicate.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_imp.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/__init__.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/more.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/recipes.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/ordered_set.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/__about__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_structures.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_typing.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/markers.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/requirements.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/specifiers.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/tags.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/utils.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/version.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/pyparsing.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/archive_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/build_meta.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli-32.exe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli-64.exe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli.exe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/alias.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/bdist_egg.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/bdist_rpm.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_clib.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_ext.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_py.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/develop.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/dist_info.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/easy_install.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/egg_info.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_egg_info.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_lib.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_scripts.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/launcher
#manifest.xml
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/py36compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/register.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/rotate.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/saveopts.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/sdist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/setopt.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/test.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/upload.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/upload_docs.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/config.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/dep_util.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/depends.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/dist.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/errors.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extension.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extern
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extern/__init__.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/glob.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui-32.exe
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui-64.exe
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui.exe
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/installer.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/launch.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/lib2to3_ex.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/monkey.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/msvc.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/namespaces.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/package_index.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/py34compat.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/sandbox.py
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/script
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/py36compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/register.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/rotate.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/saveopts.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/sdist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/setopt.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/test.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/upload.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/upload_docs.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/config.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/dep_util.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/depends.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/dist.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/errors.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extension.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extern
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extern/__init__.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/glob.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui-32.exe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui-64.exe
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui.exe
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/installer.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/launch.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/monkey.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/msvc.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/namespaces.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/package_index.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/py34compat.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/sandbox.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/script
#(dev).tmpl
-#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/script.tmpl
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/ssl_support.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/unicode_utils.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/version.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/wheel.py
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/windows_support.py
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/script.tmpl
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/unicode_utils.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/version.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/wheel.py
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/windows_support.py
#usr/lib/python3.8/site-packages/setuptools.pth
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2021 IPFire Development Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Old file declarations
+my $old_rules_settings_file = "$IDS::settingsdir/rules-settings";
+my $old_used_rulefiles_file = "$IDS::settingsdir/suricata-used-rulefiles.yaml";
+my $old_enabled_sids_file = "$IDS::settingsdir/oinkmaster-enabled-sids.conf";
+my $old_disabled_sids_file = "$IDS::settingsdir/oinkmaster-disabled-sids.conf";
+my $old_rules_tarball = "/var/tmp/idsrules.tar.gz";
+
+# Script wide variable to store the used ruleset provider.
+my $ruleset_provider;
+
+# Hashes to store the old and new settings.
+my %old_rules_settings = ();
+my %idssettings = ();
+my %providers_settings = ();
+
+exit unless(-f $IDS::ids_settings_file and -f $old_rules_settings_file);
+
+# Read-in all settings.
+&General::readhash($old_rules_settings_file, \%old_rules_settings);
+&General::readhash($IDS::ids_settings_file, \%idssettings);
+
+#
+## Step 1: Create new file layout
+#
+&IDS::check_and_create_filelayout();
+
+#
+## Step 2: Migrate automatic update interval.
+#
+
+# Get old configured autoupdate interval.
+my $autoupdate_interval = $old_rules_settings{'AUTOUPDATE_INTERVAL'};
+
+# Check for valid intervals.
+if ($autoupdate_interval eq "off" || $autoupdate_interval eq "daily" || $autoupdate_interval eq "weekly") {
+ # Put the setting to the new configuration location.
+ $idssettings{'AUTOUPDATE_INTERVAL'} = $autoupdate_interval;
+} else {
+ # Swith to default which should be weekly.
+ $idssettings{'AUTOUPDATE_INTERVAL'} = "weekly";
+}
+
+# Store the updated idssettings file.
+&General::writehash($IDS::ids_settings_file, \%idssettings);
+
+#
+## Step 3: Migrate the providers settings.
+#
+
+# Try to get the previously configured provider.
+$ruleset_provider = $old_rules_settings{'RULES'};
+
+# Exit the script if no ruleset provider has configured.
+exit unless ($ruleset_provider);
+
+# Defaults.
+my $id = "1";
+my $enabled = "enabled";
+my $autoupdate_status = "enabled";
+
+# Try to get a configured subscription code.
+my $subscription_code = $old_rules_settings{'OINKCODE'};
+
+# Check if the autoupdate should be disabled.
+if ($idssettings{'AUTOUPDATE_INTERVAL'} eq "off") {
+ # Set the autoupdate for the provider to disabled.
+ $autoupdate_status = "disabled";
+}
+
+# Create and assign the provider structure to the providers hash.
+$providers_settings{$id} = [ "$ruleset_provider", "$subscription_code", "$autoupdate_status", "$enabled" ];
+
+# Write the converted provider settings to the new providers-settings file.
+&General::writehasharray($IDS::providers_settings_file, \%providers_settings);
+
+# Set correct ownership.
+&IDS::set_ownership("$IDS::providers_settings_file");
+
+# Remove old rules settings file.
+unlink($old_rules_settings_file);
+
+#
+## Step 4: Rename downloaded rulestarball to new name sheme.
+#
+
+# Check if a rulestarball exists.
+if (-f $old_rules_tarball) {
+ # Load perl module which contains the move command.
+ use File::Copy;
+
+ # Call function to generate the path and filename for the new rules tarball name.
+ my $new_rules_tarball = &IDS::_get_dl_rulesfile($ruleset_provider);
+
+ # Move the rulestarball to the new location.
+ move($old_rules_tarball, $new_rules_tarball);
+
+ # Set correct ownership.
+ &IDS::set_ownership("$new_rules_tarball");
+}
+
+#
+## Step 5: Migrate oinkmaster configuration files for enabled and disabled rules.
+#
+
+# Read-in old enabled / disabled sids files.
+my %enabled_disabled_sids = (
+ &IDS::read_enabled_disabled_sids_file($old_enabled_sids_file),
+ &IDS::read_enabled_disabled_sids_file($old_disabled_sids_file)
+);
+
+# Check if any modifications have been done.
+if (%enabled_disabled_sids) {
+ # Get path and filename for new file.
+ my $oinkmaster_provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($ruleset_provider);
+
+ # Open the new file for writing.
+ open (FILE, ">", $oinkmaster_provider_modified_sids_file) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";
+
+ # Write header to the files.
+ print PROVIDER_MOD_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the hash.
+ foreach my $sid (keys %enabled_disabled_sids) {
+ # Check if the sid is enabled.
+ if ($enabled_disabled_sids{$sid} eq "enabled") {
+ # Print the sid as enabled to the file.
+ print FILE "enablesid $sid\n";
+ # Check if the sid is disabled.
+ } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
+ # Print the sid as disabled to the file.
+ print FILE "disablesid $sid\n";
+ # Something strange happende - skip the current sid.
+ } else {
+ next;
+ }
+ }
+
+ # Close the file handle.
+ close(FILE);
+
+ # Add the provider modifications file to the oinkmaster provider includes file.
+ &IDS::alter_oinkmaster_provider_includes_file("add", "$ruleset_provider");
+
+ # Set correct ownership for the new generated file.
+ &IDS::set_ownership("$oinkmaster_provider_modified_sids_file");
+}
+
+# Set correct ownership for the main file.
+&IDS::set_ownership("$IDS::oinkmaster_provider_includes_file");
+
+# Remove old files.
+unlink($old_enabled_sids_file);
+unlink($old_disabled_sids_file);
+
+#
+## Step 6: Call oinkmaster and regenerate the ruleset structures.
+#
+&IDS::oinkmaster();
+
+# Set correct ownerships.
+&IDS::set_ownership("$IDS::rulespath");
+
+#
+## Step 7: Migrate used rulefiles into new format.
+#
+
+# Check if the a used rulesfile exists.
+if (-f $old_used_rulefiles_file) {
+ # Array to collect the used rulefiles.
+ my @used_rulefiles = ();
+
+ # Open the file or used rulefiles and read-in content.
+ open(FILE, $old_used_rulefiles_file) or die "Could not open $old_used_rulefiles_file. $!\n";
+
+ while (<FILE>) {
+ # Assign the current line to a nice variable.
+ my $line = $_;
+
+ # Remove newlines.
+ chomp($line);
+
+ # Skip comments.
+ next if ($line =~ /\#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Gather the rulefile.
+ if ($line =~ /.*- (.*)/) {
+ my $rulefile = $1;
+
+ # Skip whitelist.rules and local.rules
+ next if ($rulefile eq "whitelist.rules" || $rulefile eq "local.rules");
+
+ # Splitt the filename into chunks.
+ my @filename = split("-", $rulefile);
+
+ # Reverse the array.
+ @filename = reverse(@filename);
+
+ # Get the amount of elements in the array.
+ my $elements = @filename;
+
+ # Remove last element of the hash.
+ # It contains the vendor name, which will be replaced.
+ if ($elements >= 3) {
+ # Remove last element from hash.
+ pop(@filename);
+ }
+
+ # Check if the last element of the filename does not
+ # contain the providers name.
+ if ($filename[-1] ne "$ruleset_provider") {
+ # Add provider name as last element.
+ push(@filename, $ruleset_provider);
+ }
+
+ # Reverse the array back.
+ @filename = reverse(@filename);
+
+ # Generate the name for the rulesfile.
+ $rulefile = join("-", @filename);
+
+ # Add the rulefile to the array of used rulesfiles.
+ push(@used_rulefiles, $rulefile);
+ }
+ }
+
+ # Close the file.
+ close(FILE);
+
+ # Write the new provider exclusive used rulesfiles file.
+ &IDS::write_used_provider_rulefiles_file($ruleset_provider, @used_rulefiles);
+
+ # Write main used rulefiles file.
+ &IDS::write_main_used_rulefiles_file("$ruleset_provider");
+
+ # Get the provider specific used rulefiles file name.
+ my $provider_used_rulefiles_file = &IDS::get_used_provider_rulesfile_file($ruleset_provider);
+
+ # Set correct ownerships.
+ &IDS::set_ownership("$provider_used_rulefiles_file");
+ &IDS::set_ownership("$IDS::suricata_used_providers_file");
+ &IDS::set_ownership("$IDS::suricata_default_rulefiles_file");
+}
+
+# Remove old used rulefiles file.
+unlink($old_used_rulefiles_file);
+
+#
+## Step 8: Reload the IDS ruleset if running.
+#
+
+# Check if the IDS is running.
+if(&IDS::ids_is_running()) {
+ # Call suricatactrl to restart it.
+ &IDS::call_suricatactrl("restart");
+}
#
# Add default value for MONITOR_TRAFFIC_ONLY which will be "on"
# when migrating from snort to the new IDS.
-my %idssettings = (
- "MONITOR_TRAFFIC_ONLY" => "on",
-);
-
-# Hash which contains the RULES settings.
#
# Set default value for UPDATE_INTERVAL to weekly.
-my %rulessettings = (
+my %idssettings = (
+ "MONITOR_TRAFFIC_ONLY" => "on",
"AUTOUPDATE_INTERVAL" => "weekly",
);
}
}
-# Grab the choosen ruleset from snort settings hash and store it in the rules
-# settings hash.
-$rulessettings{"RULES"} = $snortsettings{"RULES"};
+# Hash to store the provider settings.
+my %providersettings = ();
+
+# Default ID.
+$id = "1";
+
+# Grab the choosen ruleset from snort settings hash.
+my $provider = $snortsettings{"RULES"};
+my $subscription_code;
# Check if an oinkcode has been provided.
if($snortsettings{"OINKCODE"}) {
- # Take the oinkcode from snort settings hash and store it in the rules
- # settings hash.
- $rulessettings{"OINKCODE"} = $snortsettings{"OINKCODE"};
+ # Take the oinkcode from snort settings hash.
+ $subscription_code = $snortsettings{"OINKCODE"};
}
+# Generate providers config line and add it to the provider settings hash.
+#
+# Enabled automatic ruleste updates and the usage of the provider.
+$providersettings{$id} = [ "$provider", "$subscription_code", "enabled", "enabled" ];
+
#
## Step 4: Import guardian settings and whitelist if the addon is installed.
#
# Write IDS settings.
&General::writehash("$IDS::ids_settings_file", \%idssettings);
-# Write rules settings.
-&General::writehash("$IDS::rules_settings_file", \%rulessettings);
+# Write provider settings.
+&General::writehash("$IDS::providers_settings_file", \%providersettings);
#
## Step 6: Generate and write the file to modify the ruleset.
## Step 7: Move rulestarball to its new location.
#
+# Grab file and path to store the provider rules tarball.
+my $rulestarball = &IDS::_get_dl_rulesfile($provider);
+
# Check if a rulestarball has been downloaded yet.
if (-f $snort_rules_tarball) {
# Load perl module which contains the move command.
use File::Copy;
# Move the rulestarball to the new location.
- move($snort_rules_tarball, $IDS::rulestarball);
+ move($snort_rules_tarball, $rulestarball);
# Set correct ownership.
- &IDS::set_ownership("$IDS::rulestarball");
+ &IDS::set_ownership("$rulestarball");
# In case no tarball is present, try to download the ruleset.
} else {
#
# Check if a rulestarball is present.
-if (-f $IDS::rulestarball) {
+if (-f $rulestarball) {
# Launch oinkmaster by calling the subfunction.
&IDS::oinkmaster();
## Step 12: Setup automatic ruleset updates.
#
-# Check if a ruleset is configured.
-if($rulessettings{"RULES"}) {
+# Check if a provider is configured.
+if(%providersettings) {
# Call suricatactrl and setup the periodic update mechanism.
- &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
+ &IDS::call_suricatactrl("cron", $idssettings{'AUTOUPDATE_INTERVAL'});
}
#
close(SNORTCONF);
# Pass the array of enabled rule files to the subfunction and write the file.
-&IDS::write_used_rulefiles_file(@enabled_rule_files);
+&IDS::write_used_provider_rulefiles_file("$provider", @enabled_rule_files);
+&IDS::write_main_used_rulefiles_file("$provider");
+
+# Grab the used provider rulesfile file path and name.
+my $used_provider_rulesfile_file = &IDS::get_used_provider_rulesfile_file("$provider");
+
+# Set correct ownership for new files.
+&IDS::set_ownership("$suricata_used_providers_file");
+&IDS::set_ownership("$suricata_static_rulefiles_file");
+&IDS::set_ownership("$used_provider_rulesfile_file");
#
## Step 14: Start the IDS if enabled.
-# Ruleset for registered sourcefire users.
-registered = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>
+package IDS::Ruleset;
-# Ruleset for registered sourcefire users with valid subscription.
-subscripted = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>
+# This file contains the supported ruleset providers.
+#
+# Each one is defined as a hash in the main hash.
+# It's name acts as handle/key and the key/value pair acts as data part.
+# So the structure is like the following:
+#
+# handle => {
+# summary => A short summary of the service. This also will be shown if no translation string is available for the WUI.
+# website => The website of the ruleset provider.
+# tr_string => The translation string which is used by the WUI and part of the language files.
+# requires_subscription => "True/False" - If some kind of registration code is required in order to download the ruleset.
+# dl_url => The download URL to grab the ruleset.
+# dl_type => "archive/plain" - To specify, if the downloaded file is a packed archive or a plain text file.
+# },
-# Community rules from sourcefire.
-community = https://www.snort.org/rules/community
+# Hash which contains the supported ruleset providers.
+our %Providers = (
+ # Ruleset for registered sourcefire users.
+ registered => {
+ summary => "Talos VRT rules for registered users",
+ website => "https://www.snort.org",
+ tr_string => "registered user rules",
+ requires_subscription => "True",
+ dl_url => "https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>",
+ dl_type => "archive",
+ },
-# Emerging threads community rules.
-emerging = https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz
+ # Ruleset for registered sourcefire users with a valid subsription.
+ subscripted => {
+ summary => "Talos VRT rules with subscription",
+ website => "https://www.snort.org",
+ tr_string => "subscripted user rules",
+ requires_subscription => "True",
+ dl_url => "https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>",
+ dl_type => "archive",
+ },
-# Emerging threads pro rules.
-emerging_pro = https://rules.emergingthreatspro.com/<oinkcode>/suricata-5.0/etpro.rules.tar.gz
+ # Community rules from sourcefire.
+ community => {
+ summary => "Snort/VRT GPLv2 Community Rules",
+ website => "https://www.snort.org",
+ tr_string => "community rules",
+ requires_subscription => "False",
+ dl_url => "https://www.snort.org/rules/community",
+ dl_type => "archive",
+ },
+ # Emerging threads community rules.
+ emerging => {
+ summary => "Emergingthreats.net Community Rules",
+ website => "https://emergingthreats.net/",
+ tr_string => "emerging rules",
+ requires_subscription => "False",
+ dl_url => "https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Emerging threads Pro rules.
+ emerging_pro => {
+ summary => "Emergingthreats.net Pro Rules",
+ website => "https://emergingthreats.net/",
+ tr_string => "emerging pro rules",
+ requires_subscription => "True",
+ dl_url => "https://rules.emergingthreatspro.com/<subscription_code>/suricata-5.0/etpro.rules.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Abuse.ch SSLBL JA3 fingerprint rules.
+ sslbl_ja3 => {
+ summary => "Abuse.ch SSLBL JA3 Rules",
+ website => "https://sslbl.abuse.ch/",
+ tr_string => "sslbl ja3 fingerprint rules",
+ requires_subscription => "False",
+ dl_url => "https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules",
+ dl_type => "plain",
+ },
+
+ # Abuse.ch SSLBL Blacklist rules.
+ sslbl_blacklist => {
+ summary => "Abuse.ch SSLBL Blacklist Rules",
+ website => "https://sslbl.abuse.ch/",
+ tr_string => "sslbl blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://sslbl.abuse.ch/blacklist/sslblacklist.rules",
+ dl_type => "plain",
+ },
+
+ # Abuse.ch URLhaus Blacklist rules.
+ urlhaus => {
+ summary => "Abuse.ch URLhaus Blacklist Rules",
+ website => "https://urlhaus.abuse.ch/",
+ tr_string => "urlhaus blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Etnetera Aggressive Blacklist.
+ etnetera_aggresive => {
+ summary => "Etnetera Aggressive Blacklist Rules",
+ website => "https://security.etnetera.cz/",
+ tr_string => "etnetera aggressive blacklist rules",
+ requires_subscription => "False",
+ dl_url => "https://security.etnetera.cz/feeds/etn_aggressive.rules",
+ dl_type => "plain",
+ },
+
+ # OISF Traffic ID rules.
+ oisf_trafficid => {
+ summary => "OISF Traffic ID Rules",
+ website => "https://www.openinfosecfoundation.org/",
+ tr_string => "oisf traffic id rules",
+ requires_subscription => "False",
+ dl_url => "https://openinfosecfoundation.org/rules/trafficid/trafficid.rules",
+ dl_type => "plain",
+ },
+
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ requires_subscription => "False",
+ dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ requires_subscription => "True",
+ dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz",
+ dl_type => "archive",
+ },
+
+ # Travis B. Green hunting rules.
+ tgreen => {
+ summary => "Travis Green - Hunting rules",
+ website => "https://github.com/travisbgreen/hunting-rules",
+ tr_string => "travis green hunting rules",
+ requires_subscription => "False",
+ dl_url => "https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules",
+ dl_type => "plain",
+ },
+);
##
default-rule-path: /var/lib/suricata
rule-files:
- # Include enabled ruleset files from external file
- include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+ # Include enabled ruleset files from external file.
+ include: /var/ipfire/suricata/suricata-used-providers.yaml
# Include default rules.
include: /var/ipfire/suricata/suricata-default-rules.yaml
-classification-file: /var/lib/suricata/classification.config
-reference-config-file: /var/lib/suricata/reference.config
-threshold-file: /var/lib/suricata/threshold.config
-
+classification-file: /usr/share/suricata/classification.config
+reference-config-file: /usr/share/suricata/reference.config
+threshold-file: /usr/share/suricata/threshold.config
##
## Logging options.
# global stats configuration
stats:
- enabled: yes
+ enabled: no
# The interval field (in seconds) controls at what interval
# the loggers are invoked.
interval: 8
# compiled with the --enable-debug configure option.
#
# This value is overriden by the SC_LOG_LEVEL env var.
- default-log-level: notice
+ default-log-level: Info
# A regex to filter output. Can be overridden in an output section.
# Defaults to empty (no filter).
double-decode-path: no
double-decode-query: no
+ # Note: Modbus probe parser is minimalist due to the poor significant field
+ # Only Modbus message length (greater than Modbus header length)
+ # And Protocol ID (equal to 0) are checked in probing parser
+ # It is important to enable detection port and define Modbus port
+ # to avoid false positive
+ modbus:
+ # How many unreplied Modbus requests are considered a flood.
+ # If the limit is reached, app-layer-event:modbus.flooded; will match.
+ #request-flood: 500
+
+ enabled: no
+ detection-ports:
+ dp: 502
+ # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it
+ # is recommended to keep the TCP connection opened with a remote device
+ # and not to open and close it for each MODBUS/TCP transaction. In that
+ # case, it is important to set the depth of the stream reassembling as
+ # unlimited (stream.reassembly.depth: 0)
+
+ # Stream reassembly size for modbus. By default track it completely.
+ stream-depth: 0
+
+ # DNP3
+ dnp3:
+ enabled: no
+ detection-ports:
+ dp: 20000
+
+ # SCADA EtherNet/IP and CIP protocol support
+ enip:
+ enabled: no
+ detection-ports:
+ dp: 44818
+ sp: 44818
+
ntp:
enabled: yes
dhcp:
-Shalla Secure Services,http://www.shallalist.de/Downloads/shallalist.tar.gz
-MESD,http://squidguard.mesd.k12.or.us/blacklists.tgz
Univ. Toulouse,ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
###############################################################################
use strict;
+use experimental 'smartmatch';
# enable only the following on debugging purpose
#use warnings;
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/network-functions.pl";
+# Import ruleset providers file.
+require "$IDS::rulesetsourcesfile";
+
my %color = ();
my %mainsettings = ();
my %idsrules = ();
my %idssettings=();
-my %rulessettings=();
-my %rulesetsources = ();
+my %used_providers=();
my %cgiparams=();
my %checked=();
my %selected=();
unlink($IDS::storederrorfile);
}
-## Grab all available rules and store them in the idsrules hash.
-#
-# Open rules directory and do a directory listing.
-opendir(DIR, $IDS::rulespath) or die $!;
- # Loop through the direcory.
- while (my $file = readdir(DIR)) {
-
- # We only want files.
- next unless (-f "$IDS::rulespath/$file");
+# Gather ruleset details.
+if ($cgiparams{'RULESET'}) {
+ ## Grab all available rules and store them in the idsrules hash.
+ #
- # Ignore empty files.
- next if (-z "$IDS::rulespath/$file");
+ # Get enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
- # Use a regular expression to find files ending in .rules
- next unless ($file =~ m/\.rules$/);
+ # Open rules directory and do a directory listing.
+ opendir(DIR, $IDS::rulespath) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
- # Ignore files which are not read-able.
- next unless (-R "$IDS::rulespath/$file");
+ # We only want files.
+ next unless (-f "$IDS::rulespath/$file");
- # Skip whitelist rules file.
- next if( $file eq "whitelist.rules");
+ # Ignore empty files.
+ next if (-z "$IDS::rulespath/$file");
- # Call subfunction to read-in rulefile and add rules to
- # the idsrules hash.
- &readrulesfile("$file");
- }
+ # Use a regular expression to find files ending in .rules
+ next unless ($file =~ m/\.rules$/);
-closedir(DIR);
+ # Ignore files which are not read-able.
+ next unless (-R "$IDS::rulespath/$file");
-# Gather used rulefiles.
-#
-# Check if the file for activated rulefiles is not empty.
-if(-f $IDS::used_rulefiles_file) {
- # Open the file for used rulefile and read-in content.
- open(FILE, $IDS::used_rulefiles_file) or die "Could not open $IDS::used_rulefiles_file. $!\n";
+ # Skip whitelist rules file.
+ next if( $file eq "whitelist.rules");
- # Read-in content.
- my @lines = <FILE>;
+ # Splitt vendor from filename.
+ my @filename_parts = split(/-/, $file);
- # Close file.
- close(FILE);
+ # Assign vendor name for easy processing.
+ my $vendor = @filename_parts[0];
- # Loop through the array.
- foreach my $line (@lines) {
- # Remove newlines.
- chomp($line);
+ # Skip rulefile if the provider is disabled.
+ next unless ($vendor ~~ @enabled_providers);
- # Skip comments.
- next if ($line =~ /\#/);
+ # Call subfunction to read-in rulefile and add rules to
+ # the idsrules hash.
+ &readrulesfile("$file");
+ }
- # Skip blank lines.
- next if ($line =~ /^\s*$/);
+ closedir(DIR);
- # Gather rule sid and message from the ruleline.
- if ($line =~ /.*- (.*)/) {
- my $rulefile = $1;
+ # Loop through the array of used providers.
+ foreach my $provider (@enabled_providers) {
+ # Gather used rulefiles.
+ my @used_rulesfiles = &IDS::read_used_provider_rulesfiles($provider);
+ # Loop through the array of used rulesfiles.
+ foreach my $rulefile (@used_rulesfiles) {
# Check if the current rulefile exists in the %idsrules hash.
# If not, the file probably does not exist anymore or contains
# no rules.
}
}
-# Save ruleset configuration.
-if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
- my %oldsettings;
- my %rulesetsources;
-
- # Read-in current (old) IDS settings.
- &General::readhash("$IDS::rules_settings_file", \%oldsettings);
-
- # Get all available ruleset locations.
- &General::readhash("$IDS::rulesetsourcesfile", \%rulesetsources);
-
- # Prevent form name from been stored in conf file.
- delete $cgiparams{'RULESET'};
-
- # Grab the URL based on the choosen vendor.
- my $url = $rulesetsources{$cgiparams{'RULES'}};
-
- # Check if the choosen vendor (URL) requires an subscription/oinkcode.
- if ($url =~ /\<oinkcode\>/ ) {
- # Check if an subscription/oinkcode has been provided.
- if ($cgiparams{'OINKCODE'}) {
- # Check if the oinkcode contains unallowed chars.
- unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) {
- $errormessage = $Lang::tr{'invalid input for oink code'};
- }
- } else {
- # Print an error message, that an subsription/oinkcode is required for this
- # vendor.
- $errormessage = $Lang::tr{'ids oinkcode required'};
- }
- }
-
- # Go on if there are no error messages.
- if (!$errormessage) {
- # Store settings into settings file.
- &General::writehash("$IDS::rules_settings_file", \%cgiparams);
-
- # Check if the the automatic rule update hass been touched.
- if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) {
- # Call suricatactrl to set the new interval.
- &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
- }
-
- # Check if a ruleset is present - if not or the source has been changed download it.
- if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) {
- # Check if the red device is active.
- unless (-e "${General::swroot}/red/active") {
- $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
- }
-
- # Check if enough free disk space is availabe.
- if(&IDS::checkdiskspace()) {
- $errormessage = "$Lang::tr{'not enough disk space'}";
- }
-
- # Check if any errors happend.
- unless ($errormessage) {
- # Lock the webpage and print notice about downloading
- # a new ruleset.
- &working_notice("$Lang::tr{'ids working'}");
-
- # Write the modify sid's file and pass the taken ruleaction.
- &IDS::write_modify_sids_file();
-
- # Call subfunction to download the ruleset.
- if(&IDS::downloadruleset()) {
- $errormessage = $Lang::tr{'could not download latest updates'};
-
- # Call function to store the errormessage.
- &IDS::_store_error_message($errormessage);
- } else {
- # Call subfunction to launch oinkmaster.
- &IDS::oinkmaster();
- }
-
- # Check if the IDS is running.
- if(&IDS::ids_is_running()) {
- # Call suricatactrl to stop the IDS - because of the changed
- # ruleset - the use has to configure it before suricata can be
- # used again.
- &IDS::call_suricatactrl("stop");
- }
-
- # Perform a reload of the page.
- &reload();
- }
- }
- }
-
# Save ruleset.
-} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
+if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
# Arrays to store which rulefiles have been enabled and will be used.
my @enabled_rulefiles;
- # Hash to store the user-enabled and disabled sids.
- my %enabled_disabled_sids;
-
# Store if a restart of suricata is required.
my $suricata_restart_required;
}
}
- # Read-in the files for enabled/disabled sids.
- # This will be done by calling the read_enabled_disabled_sids_file function two times
- # and merge the returned hashes together into the enabled_disabled_sids hash.
- %enabled_disabled_sids = (
- &read_enabled_disabled_sids_file($IDS::disabled_sids_file),
- &read_enabled_disabled_sids_file($IDS::enabled_sids_file));
+ # Open oinkmaster main include file for provider modifications.
+ open(OINKM_INCL_FILE, ">", "$IDS::oinkmaster_provider_includes_file") or die "Could not open $IDS::oinkmaster_provider_includes_file. $!\n";
- # Loop through the hash of idsrules.
- foreach my $rulefile (keys %idsrules) {
- # Loop through the single rules of the rulefile.
- foreach my $sid (keys %{$idsrules{$rulefile}}) {
- # Skip the current sid if it is not numeric.
- next unless ($sid =~ /\d+/ );
-
- # Check if there exists a key in the cgiparams hash for this sid.
- if (exists($cgiparams{$sid})) {
- # Look if the rule is disabled.
- if ($idsrules{$rulefile}{$sid}{'State'} eq "off") {
- # Check if the state has been set to 'on'.
- if ($cgiparams{$sid} eq "on") {
- # Add/Modify the sid to/in the enabled_disabled_sids hash.
- $enabled_disabled_sids{$sid} = "enabled";
+ # Print file header and notice about autogenerated file.
+ print OINKM_INCL_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Get enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
+
+ # Loop through the array of enabled providers.
+ foreach my $provider (@enabled_providers) {
+ # Hash to store the used-enabled and disabled sids.
+ my %enabled_disabled_sids;
+
+ # Generate modified sids file name for the current processed provider.
+ my $providers_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider);
+
+ # Check if a modified sids file for this provider exists.
+ if (-f $providers_modified_sids_file) {
+ # Read-in the file for enabled/disabled sids.
+ %enabled_disabled_sids = &IDS::read_enabled_disabled_sids_file($providers_modified_sids_file);
+ }
+
+ # Loop through the hash of idsrules.
+ foreach my $rulefile (keys %idsrules) {
+ # Split the rulefile to get the vendor.
+ my @filename_parts = split(/-/, $rulefile);
+
+ # Assign rulefile vendor.
+ my $rulefile_vendor = @filename_parts[0];
+
+ # Skip the rulefile if the vendor is not our current processed provider.
+ next unless ($rulefile_vendor eq $provider);
+
+ # Loop through the single rules of the rulefile.
+ foreach my $sid (keys %{$idsrules{$rulefile}}) {
+ # Skip the current sid if it is not numeric.
+ next unless ($sid =~ /\d+/ );
+
+ # Check if there exists a key in the cgiparams hash for this sid.
+ if (exists($cgiparams{$sid})) {
+ # Look if the rule is disabled.
+ if ($idsrules{$rulefile}{$sid}{'State'} eq "off") {
+ # Check if the state has been set to 'on'.
+ if ($cgiparams{$sid} eq "on") {
+ # Add/Modify the sid to/in the enabled_disabled_sids hash.
+ $enabled_disabled_sids{$sid} = "enabled";
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$rulefile}{$sid};
+ }
+ }
+ } else {
+ # Look if the rule is enabled.
+ if ($idsrules{$rulefile}{$sid}{'State'} eq "on") {
+ # Check if the state is 'on' and should be disabled.
+ # In this case there is no entry
+ # for the sid in the cgiparams hash.
+ # Add/Modify it to/in the enabled_disabled_sids hash.
+ $enabled_disabled_sids{$sid} = "disabled";
# Drop item from cgiparams hash.
delete $cgiparams{$rulefile}{$sid};
}
}
- } else {
- # Look if the rule is enabled.
- if ($idsrules{$rulefile}{$sid}{'State'} eq "on") {
- # Check if the state is 'on' and should be disabled.
- # In this case there is no entry
- # for the sid in the cgiparams hash.
- # Add/Modify it to/in the enabled_disabled_sids hash.
- $enabled_disabled_sids{$sid} = "disabled";
-
- # Drop item from cgiparams hash.
- delete $cgiparams{$rulefile}{$sid};
- }
}
}
- }
- # Open enabled sid's file for writing.
- open(ENABLED_FILE, ">$IDS::enabled_sids_file") or die "Could not write to $IDS::enabled_sids_file. $!\n";
-
- # Open disabled sid's file for writing.
- open(DISABLED_FILE, ">$IDS::disabled_sids_file") or die "Could not write to $IDS::disabled_sids_file. $!\n";
-
- # Write header to the files.
- print ENABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
- print DISABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
-
- # Check if the hash for enabled/disabled files contains any entries.
- if (%enabled_disabled_sids) {
- # Loop through the hash.
- foreach my $sid (keys %enabled_disabled_sids) {
- # Check if the sid is enabled.
- if ($enabled_disabled_sids{$sid} eq "enabled") {
- # Print the sid to the enabled_sids file.
- print ENABLED_FILE "enablesid $sid\n";
- # Check if the sid is disabled.
- } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
- # Print the sid to the disabled_sids file.
- print DISABLED_FILE "disablesid $sid\n";
- # Something strange happende - skip the current sid.
- } else {
- next;
+ # Check if the hash for enabled/disabled sids contains any entries.
+ if (%enabled_disabled_sids) {
+ # Open providers modified sids file for writing.
+ open(PROVIDER_MOD_FILE, ">$providers_modified_sids_file") or die "Could not write to $providers_modified_sids_file. $!\n";
+
+ # Write header to the files.
+ print PROVIDER_MOD_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the hash.
+ foreach my $sid (keys %enabled_disabled_sids) {
+ # Check if the sid is enabled.
+ if ($enabled_disabled_sids{$sid} eq "enabled") {
+ # Print the sid to the enabled_sids file.
+ print PROVIDER_MOD_FILE "enablesid $sid\n";
+ # Check if the sid is disabled.
+ } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
+ # Print the sid to the disabled_sids file.
+ print PROVIDER_MOD_FILE "disablesid $sid\n";
+ # Something strange happende - skip the current sid.
+ } else {
+ next;
+ }
}
+
+ # Close file handle for the providers modified sids file.
+ close(PROVIDER_MOD_FILE);
+
+ # Add the file to the oinkmasters include file.
+ print OINKM_INCL_FILE "include $providers_modified_sids_file\n";
}
}
- # Close file for enabled_sids after writing.
- close(ENABLED_FILE);
+ # Close the file handle after writing.
+ close(OINKM_INCL_FILE);
+
+ # Handle enabled / disabled rulefiles.
+ #
+
+ # Loop through the array of enabled providers.
+ foreach my $provider(@enabled_providers) {
+ # Array to store the rulefiles which belong to the current processed provider.
+ my @provider_rulefiles = ();
+
+ # Loop through the array of enabled rulefiles.
+ foreach my $rulesfile (@enabled_rulefiles) {
+ # Split the rulefile name.
+ my @filename_parts = split(/-/, "$rulesfile");
+
+ # Assign vendor name for easy processings.
+ my $vendor = @filename_parts[0];
+
+ # Check if the rulesvendor is our current processed enabled provider.
+ if ("$vendor" eq "$provider") {
+ # Add the rulesfile to the array of provider rulesfiles.
+ push(@provider_rulefiles, $rulesfile);
+ }
- # Close file for disabled_sids after writing.
- close(DISABLED_FILE);
+ # Call function and write the providers used rulesfile file.
+ &IDS::write_used_provider_rulefiles_file($provider, @provider_rulefiles);
+ }
+ }
# Call function to generate and write the used rulefiles file.
- &IDS::write_used_rulefiles_file(@enabled_rulefiles);
+ &IDS::write_main_used_rulefiles_file(@enabled_providers);
# Lock the webpage and print message.
&working_notice("$Lang::tr{'ids apply ruleset changes'}");
&reload();
# Download new ruleset.
-} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'update ruleset'}) {
+} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'ids force ruleset update'}) {
+ # Assign given provider handle.
+ my $provider = $cgiparams{'PROVIDER'};
+
# Check if the red device is active.
unless (-e "${General::swroot}/red/active") {
$errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
&working_notice("$Lang::tr{'ids download new ruleset'}");
# Call subfunction to download the ruleset.
- if(&IDS::downloadruleset()) {
- $errormessage = $Lang::tr{'could not download latest updates'};
+ if(&IDS::downloadruleset($provider)) {
+ $errormessage = "$provider - $Lang::tr{'could not download latest updates'}";
# Call function to store the errormessage.
&IDS::_store_error_message($errormessage);
&reload();
}
}
+
+# Reset a provider to it's defaults.
+} elsif ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'ids reset provider'}") {
+ # Grab provider handle from cgihash.
+ my $provider = $cgiparams{'PROVIDER'};
+
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'ids apply ruleset changes'}");
+
+ # Create new empty file for used rulefiles
+ # for this provider.
+ &IDS::write_used_provider_rulefiles_file($provider);
+
+ # Call function to get the path and name for the given providers
+ # oinkmaster modified sids file.
+ my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider);
+
+ # Check if the file exists.
+ if (-f $provider_modified_sids_file) {
+ # Remove the file, as requested.
+ unlink("$provider_modified_sids_file");
+ }
+
+ # Alter the oinkmaster provider includes file and remove the provider.
+ &IDS::alter_oinkmaster_provider_includes_file("remove", $provider);
+
+ # Regenerate ruleset.
+ &IDS::oinkmaster();
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Get enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
+
+ # Get amount of enabled providers.
+ my $amount = @enabled_providers;
+
+ # Check if at least one enabled provider remains.
+ if ($amount >= 1) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("restart");
+
+ # Stop suricata if no enabled provider remains.
+ } else {
+ # Call suricatactrel to perform the stop.
+ &IDS::call_suricatactrl("stop");
+ }
+ }
+
+ # Undefine providers flag.
+ undef($cgiparams{'PROVIDERS'});
+
+ # Reload page.
+ &reload();
+
# Save IDS settings.
} elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
my %oldidssettings;
# Read-in current (old) IDS settings.
&General::readhash("$IDS::ids_settings_file", \%oldidssettings);
+ # Get enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
+
# Prevent form name from been stored in conf file.
delete $cgiparams{'IDS'};
# Check if the IDS should be enabled.
if ($cgiparams{'ENABLE_IDS'} eq "on") {
- # Check if any ruleset is available. Otherwise abort and display an error.
- unless(%idsrules) {
- $errormessage = $Lang::tr{'ids no ruleset available'};
+ # Check if at least one provider is enabled. Otherwise abort and display an error.
+ unless(@enabled_providers) {
+ $errormessage = $Lang::tr{'ids no enabled ruleset provider'};
}
# Loop through the array of available interfaces.
&General::writehash("$IDS::ids_settings_file", \%cgiparams);
}
+ # Check if the the automatic rule update hass been touched.
+ if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldidssettings{'AUTOUPDATE_INTERVAL'}) {
+ # Call suricatactrl to set the new interval.
+ &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
+ }
+
# Generate file to store the home net.
&IDS::generate_home_net_file();
# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
- # Check if a ruleset exists.
- if (%idsrules) {
+ # Check if at least one provider is enabled.
+ if (@enabled_providers) {
# Lock the webpage and print message.
&working_notice("$Lang::tr{'ids working'}");
# Perform a reload of the page.
&reload();
}
-}
-
-# Read-in idssettings and rulesetsettings
-&General::readhash("$IDS::ids_settings_file", \%idssettings);
-&General::readhash("$IDS::rules_settings_file", \%rulessettings);
-# If no autoupdate intervall has been configured yet, set default value.
-unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) {
- # Set default to "weekly".
- $rulessettings{'AUTOUPDATE_INTERVAL'} = 'weekly';
-}
+# Toggle Enable/Disable autoupdate for a provider
+} elsif ($cgiparams{'AUTOUPDATE'} eq $Lang::tr{'toggle enable disable'}) {
+ my %used_providers = ();
-# Read-in ignored hosts.
-&General::readhasharray("$IDS::settingsdir/ignored", \%ignored);
-
-$checked{'ENABLE_IDS'}{'off'} = '';
-$checked{'ENABLE_IDS'}{'on'} = '';
-$checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'";
-$checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = '';
-$checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = '';
-$checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'";
-$selected{'RULES'}{'nothing'} = '';
-$selected{'RULES'}{'community'} = '';
-$selected{'RULES'}{'emerging'} = '';
-$selected{'RULES'}{'registered'} = '';
-$selected{'RULES'}{'subscripted'} = '';
-$selected{'RULES'}{$rulessettings{'RULES'}} = "selected='selected'";
-$selected{'AUTOUPDATE_INTERVAL'}{'off'} = '';
-$selected{'AUTOUPDATE_INTERVAL'}{'daily'} = '';
-$selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = '';
-$selected{'AUTOUPDATE_INTERVAL'}{$rulessettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'";
+ # Only go further, if an ID has been passed.
+ if ($cgiparams{'ID'}) {
+ # Assign the given ID.
+ my $id = $cgiparams{'ID'};
-&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
-### Java Script ###
-print"<script>\n";
+ # Read-in providers settings file.
+ &General::readhasharray($IDS::providers_settings_file, \%used_providers);
-# Java script variable declaration for show and hide.
-print"var show = \"$Lang::tr{'ids show'}\"\;\n";
-print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
+ # Grab the configured status of the corresponding entry.
+ my $status_autoupdate = $used_providers{$id}[2];
-print <<END
- // Java Script function to show/hide the text input field for
- // Oinkcode/Subscription code.
- var update_code = function() {
- if(\$('#RULES').val() == 'registered') {
- \$('#code').show();
- } else if(\$('#RULES').val() == 'subscripted') {
- \$('#code').show();
- } else if(\$('#RULES').val() == 'emerging_pro') {
- \$('#code').show();
+ # Switch the status.
+ if ($status_autoupdate eq "disabled") {
+ $status_autoupdate = "enabled";
} else {
- \$('#code').hide();
+ $status_autoupdate = "disabled";
}
- };
- // JQuery function to call corresponding function when
- // the ruleset is changed or the page is loaded for showing/hiding
- // the code area.
- \$(document).ready(function() {
- \$('#RULES').change(update_code);
- update_code();
- });
+ # Modify the status of the existing entry.
+ $used_providers{$id} = ["$used_providers{$id}[0]", "$used_providers{$id}[1]", "$status_autoupdate", "$used_providers{$id}[3]"];
- // Tiny java script function to show/hide the rules
- // of a given category.
- function showhide(tblname) {
- \$("#" + tblname).toggle();
+ # Write the changed hash to the providers settings file.
+ &General::writehasharray($IDS::providers_settings_file, \%used_providers);
+ }
- // Get current content of the span element.
- var content = document.getElementById("span_" + tblname);
+# Add/Edit a provider to the list of used providers.
+#
+} elsif (($cgiparams{'PROVIDERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'update'}")) {
+ my %used_providers = ();
- if (content.innerHTML === show) {
- content.innerHTML = hide;
- } else {
- content.innerHTML = show;
- }
- }
-</script>
-END
-;
+ # Read-in providers settings file.
+ &General::readhasharray("$IDS::providers_settings_file", \%used_providers);
-&Header::openbigbox('100%', 'left', '', $errormessage);
+ # Assign some nice human-readable values.
+ my $provider = $cgiparams{'PROVIDER'};
+ my $subscription_code = $cgiparams{'SUBSCRIPTION_CODE'};
+ my $status_autoupdate;
-if ($errormessage) {
- &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
- print "<class name='base'>$errormessage\n";
- print " </class>\n";
- &Header::closebox();
-}
+ # Handle autoupdate checkbox.
+ if ($cgiparams{'ENABLE_AUTOUPDATE'} eq "on") {
+ $status_autoupdate = "enabled";
+ } else {
+ $status_autoupdate = "disabled";
+ }
-# Draw current state of the IDS
-&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
+ # Check if we are going to add a new provider.
+ if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'add'}") {
+ # Loop through the hash of used providers.
+ foreach my $id ( keys %used_providers) {
+ # Check if the choosen provider is already in use.
+ if ($used_providers{$id}[0] eq "$provider") {
+ # Assign error message.
+ $errormessage = "$Lang::tr{'ids the choosen provider is already in use'}";
+ }
+ }
+ }
-# Check if the IDS is running and obtain the process-id.
-my $pid = &IDS::ids_is_running();
+ # Check if the provider requires a subscription code.
+ if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") {
+ # Check if an subscription code has been provided.
+ if ($subscription_code) {
+ # Check if the code contains unallowed chars.
+ unless ($subscription_code =~ /^[a-z0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for subscription code'};
+ }
+ } else {
+ # Print an error message, that an subsription code is required for this
+ # provider.
+ $errormessage = $Lang::tr{'ids subscription code required'};
+ }
+ }
-# Display some useful information, if suricata daemon is running.
-if ($pid) {
- # Gather used memory.
- my $memory = &get_memory_usage($pid);
+ # Go further if there was no error.
+ if ($errormessage eq '') {
+ my $id;
+ my $status;
- print <<END;
- <table width='95%' cellspacing='0' class='tbl'>
- <tr>
- <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
- </tr>
+ # Check if we should edit an existing entry and got an ID.
+ if (($cgiparams{'PROVIDERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
+ # Assin the provided id.
+ $id = $cgiparams{'ID'};
- <tr>
- <td class='base'>$Lang::tr{'guardian daemon'}</td>
- <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
- </tr>
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
- <tr>
- <td class='base'></td>
- <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
- <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
- </tr>
+ # Grab the configured status of the corresponding entry.
+ $status = $used_providers{$id}[3];
+ } else {
+ # Each newly added entry automatically should be enabled.
+ $status = "enabled";
- <tr>
- <td class='base'></td>
- <td bgcolor='$color{'color22'}' align='center'>$pid</td>
- <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
- </tr>
- </table>
-END
-} else {
- # Otherwise display a hint that the service is not launched.
- print <<END;
- <table width='95%' cellspacing='0' class='tbl'>
- <tr>
- <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
- </tr>
+ # Generate the ID for the new entry.
+ #
+ # Sort the keys by their ID and store them in an array.
+ my @keys = sort { $a <=> $b } keys %used_providers;
- <tr>
- <td class='base'>$Lang::tr{'guardian daemon'}</td>
- <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
- </tr>
- </table>
-END
-}
+ # Reverse the key array.
+ my @reversed = reverse(@keys);
-# Only show this area, if a ruleset is present.
-if (%idsrules) {
+ # Obtain the last used id.
+ my $last_id = @reversed[0];
- print <<END
+ # Increase the last id by one and use it as id for the new entry.
+ $id = ++$last_id;
+ }
- <br><br><h2>$Lang::tr{'settings'}</h2>
+ # Add/Modify the entry to/in the used providers hash..
+ $used_providers{$id} = ["$provider", "$subscription_code", "$status_autoupdate", "$status"];
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='100%' border='0'>
- <tr>
- <td class='base' colspan='2'>
- <input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}> $Lang::tr{'ids enable'}
- </td>
+ # Write the changed hash to the providers settings file.
+ &General::writehasharray($IDS::providers_settings_file, \%used_providers);
- <td class='base' colspan='2'>
- <input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}> $Lang::tr{'ids monitor traffic only'}
- </td>
- </tr>
+ # Check if a new provider will be added.
+ if ($cgiparams{'PROVIDERS'} eq $Lang::tr{'add'}) {
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'system is offline'}";
+ }
- <tr>
- <td><br><br></td>
- <td><br><br></td>
- <td><br><br></td>
- <td><br><br></td>
- </tr>
+ # Check if enough free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'not enough disk space'}";
+ }
- <tr>
- <td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td>
- </tr>
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'ids working'}");
- <tr>
-END
-;
+ # Download the ruleset.
+ if(&IDS::downloadruleset($provider)) {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'ids unable to download the ruleset'}";
+
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
- # Loop through the array of available networks and print config options.
- foreach my $zone (@network_zones) {
- my $checked_input;
- my $checked_forward;
+ # Remove the configured provider again.
+ &remove_provider($id);
+ } else {
+ # Extract the ruleset
+ &IDS::extractruleset($provider);
- # Convert current zone name to upper case.
- my $zone_upper = uc($zone);
+ # Move the ruleset.
+ &IDS::move_tmp_ruleset();
- # Set zone name.
- my $zone_name = $zone;
+ # Cleanup temporary directory.
+ &IDS::cleanup_tmp_directory();
- # Dirty hack to get the correct language string for the red zone.
- if ($zone eq "red") {
- $zone_name = "red1";
- }
+ # Create new empty file for used rulefiles
+ # for this provider.
+ &IDS::write_used_provider_rulefiles_file($provider);
+ }
- # Grab checkbox status from settings hash.
- if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") {
- $checked_input = "checked = 'checked'";
+ # Perform a reload of the page.
+ &reload();
+ }
}
- print "<td class='base' width='20%'>\n";
- print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n";
- print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n";
- print "</td>\n";
}
-print <<END
- </tr>
- </table>
+ # Undefine providers flag.
+ undef($cgiparams{'PROVIDERS'});
- <br><br>
+## Toggle Enabled/Disabled for an existing provider.
+#
+} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'toggle enable disable'}) {
+ my %used_providers = ();
+ my $provider_includes_action;
- <table width='100%'>
- <tr>
- <td align='right'><input type='submit' name='IDS' value='$Lang::tr{'save'}' /></td>
- </tr>
- </table>
- </form>
-END
-;
+ # Value if oinkmaster has to be executed.
+ my $oinkmaster = "False";
-}
+ # Only go further, if an ID has been passed.
+ if ($cgiparams{'ID'}) {
+ # Assign the given ID.
+ my $id = $cgiparams{'ID'};
-&Header::closebox();
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
-# Draw elements for ruleset configuration.
-&Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'});
+ # Read-in file which contains the provider settings.
+ &General::readhasharray($IDS::providers_settings_file, \%used_providers);
-print <<END
-<form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <table width='100%' border='0'>
- <tr>
- <td><b>$Lang::tr{'ids rules update'}</b></td>
- <td><b>$Lang::tr{'ids automatic rules update'}</b></td>
- </tr>
+ # Grab the configured status of the corresponding entry.
+ my $status = $used_providers{$id}[3];
- <tr>
- <td><select name='RULES' id='RULES'>
- <option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
- <option value='emerging_pro' $selected{'RULES'}{'emerging_pro'} >$Lang::tr{'emerging pro rules'}</option>
- <option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
- <option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
- <option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
- </select>
- </td>
-
- <td>
- <select name='AUTOUPDATE_INTERVAL'>
- <option value='off' $selected{'AUTOUPDATE_INTERVAL'}{'off'} >- $Lang::tr{'Disabled'} -</option>
- <option value='daily' $selected{'AUTOUPDATE_INTERVAL'}{'daily'} >$Lang::tr{'Daily'}</option>
- <option value='weekly' $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} >$Lang::tr{'Weekly'}</option>
- </select>
- </td>
- </tr>
+ # Grab the provider handle.
+ my $provider_handle = $used_providers{$id}[0];
- <tr>
- <td colspan='2'><br><br></td>
- </tr>
+ # Switch the status.
+ if ($status eq "enabled") {
+ $status = "disabled";
- <tr style='display:none' id='code'>
- <td colspan='2'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$rulessettings{'OINKCODE'}'></td>
- </tr>
+ # Set the provider includes action to "remove" for removing the entry.
+ $provider_includes_action = "remove";
+ } else {
+ $status = "enabled";
- <tr>
- <td> </td>
+ # Set the provider includes action to "add".
+ $provider_includes_action = "add";
+
+ # This operation requires to launch oinkmaster.
+ $oinkmaster = "True";
+ }
+
+ # Modify the status of the existing entry.
+ $used_providers{$id} = ["$used_providers{$id}[0]", "$used_providers{$id}[1]", "$used_providers{$id}[2]", "$status"];
+
+ # Write the changed hash to the providers settings file.
+ &General::writehasharray($IDS::providers_settings_file, \%used_providers);
+
+ # Get all enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
+
+ # Write the main providers include file.
+ &IDS::write_main_used_rulefiles_file(@enabled_providers);
+
+ # Call function to alter the oinkmasters provider includes file and
+ # add or remove the provider.
+ &IDS::alter_oinkmaster_provider_includes_file($provider_includes_action, $provider_handle);
+
+ # Check if oinkmaster has to be executed.
+ if ($oinkmaster eq "True") {
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'ids apply ruleset changes'}");
+
+ # Launch oinkmaster.
+ &IDS::oinkmaster();
+ }
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Gather the amount of enabled providers (elements in the array).
+ my $amount = @enabled_providers;
+
+ # Check if there are still enabled ruleset providers.
+ if ($amount >= 1) {
+ # Call suricatactrl to perform a restart.
+ &IDS::call_suricatactrl("restart");
+
+ # No active ruleset provider, suricata has to be stopped.
+ } else {
+ # Stop suricata.
+ &IDS::call_suricatactrl("stop");
+ }
+ }
+
+ # Undefine providers flag.
+ undef($cgiparams{'PROVIDERS'});
+
+ # Reload page.
+ &reload();
+ }
+
+## Remove provider from the list of used providers.
+#
+} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'remove'}) {
+ # Assign a nice human-readable variable.
+ my $id = $cgiparams{'ID'};
+
+ # Grab the provider name bevore deleting.
+ my $provider = &get_provider_handle($id);
+
+ # Remove the provider.
+ &remove_provider($id);
+
+ # Undef the given ID.
+ undef($cgiparams{'ID'});
+
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'ids apply ruleset changes'}");
+
+ # Drop the stored ruleset file.
+ &IDS::drop_dl_rulesfile($provider);
+
+ # Get the name of the provider rulessets include file.
+ my $provider_used_rulefile = &IDS::get_used_provider_rulesfile_file($provider);
+
+ # Drop the file, it is not longer needed.
+ unlink("$provider_used_rulefile");
+
+ # Call function to get the path and name for the given providers
+ # oinkmaster modified sids file.
+ my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider);
+
+ # Check if the file exists.
+ if (-f $provider_modified_sids_file) {
+ # Remove the file, which is not longer needed.
+ unlink("$provider_modified_sids_file");
+ }
+
+ # Alter the oinkmaster provider includes file and remove the provider.
+ &IDS::alter_oinkmaster_provider_includes_file("remove", $provider);
+
+ # Regenerate ruleset.
+ &IDS::oinkmaster();
+
+ # Gather all enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
+
+ # Regenerate main providers include file.
+ &IDS::write_main_used_rulefiles_file(@enabled_providers);
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Get amount of enabled providers.
+ my $amount = @enabled_providers;
+
+ # Check if at least one enabled provider remains.
+ if ($amount >= 1) {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("restart");
+
+ # Stop suricata if no enabled provider remains.
+ } else {
+ # Call suricatactrel to perform the stop.
+ &IDS::call_suricatactrl("stop");
+ }
+ }
+
+ # Undefine providers flag.
+ undef($cgiparams{'PROVIDERS'});
+
+ # Reload page.
+ &reload();
+}
+
+&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
+
+&Header::openbigbox('100%', 'left', '', $errormessage);
+
+&show_display_error_message();
+
+if ($cgiparams{'RULESET'} eq "$Lang::tr{'ids customize ruleset'}" ) {
+ &show_customize_ruleset();
+} elsif ($cgiparams{'PROVIDERS'} ne "") {
+ &show_add_provider();
+} else {
+ &show_mainpage();
+}
+
+&Header::closebigbox();
+&Header::closepage();
+
+#
+## Tiny function to show if a error message happened.
+#
+sub show_display_error_message() {
+ if ($errormessage) {
+ &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage\n";
+ print " </class>\n";
+ &Header::closebox();
+ }
+}
+
+#
+## Function to display the main IDS page.
+#
+sub show_mainpage() {
+ # Read-in idssettings and provider settings.
+ &General::readhash("$IDS::ids_settings_file", \%idssettings);
+ &General::readhasharray("$IDS::providers_settings_file", \%used_providers);
+
+ # If no autoupdate intervall has been configured yet, set default value.
+ unless(exists($idssettings{'AUTOUPDATE_INTERVAL'})) {
+ # Set default to "weekly".
+ $idssettings{'AUTOUPDATE_INTERVAL'} = 'weekly';
+ }
+
+ # Read-in ignored hosts.
+ &General::readhasharray("$IDS::settingsdir/ignored", \%ignored);
+
+ $checked{'ENABLE_IDS'}{'off'} = '';
+ $checked{'ENABLE_IDS'}{'on'} = '';
+ $checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'";
+ $checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = '';
+ $checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = '';
+ $checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'";
+ $selected{'AUTOUPDATE_INTERVAL'}{'off'} = '';
+ $selected{'AUTOUPDATE_INTERVAL'}{'daily'} = '';
+ $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = '';
+ $selected{'AUTOUPDATE_INTERVAL'}{$idssettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'";
+
+ # Draw current state of the IDS
+ &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
+
+ # Check if the IDS is running and obtain the process-id.
+ my $pid = &IDS::ids_is_running();
+
+ # Display some useful information, if suricata daemon is running.
+ if ($pid) {
+ # Gather used memory.
+ my $memory = &get_memory_usage($pid);
+
+ print <<END;
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
+ </tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
+ </tr>
+
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
+ <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
+ </tr>
+
+ <tr>
+ <td class='base'></td>
+ <td bgcolor='$color{'color22'}' align='center'>$pid</td>
+ <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
+ </tr>
+ </table>
+END
+ } else {
+ # Otherwise display a hint that the service is not launched.
+ print <<END;
+ <table width='95%' cellspacing='0' class='tbl'>
+ <tr>
+ <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th>
+ </tr>
- <td align='right'>
+ <tr>
+ <td class='base'>$Lang::tr{'guardian daemon'}</td>
+ <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
+ </tr>
+ </table>
+END
+ }
+
+ # Only show this area, if at least one ruleset provider is configured.
+ if (%used_providers) {
+
+print <<END
+
+ <br><br><h2>$Lang::tr{'settings'}</h2>
+
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%' border='0'>
+ <tr>
+ <td class='base' colspan='2'>
+ <input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}> $Lang::tr{'ids enable'}
+ </td>
+
+ <td class='base' colspan='2'>
+ <input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}> $Lang::tr{'ids monitor traffic only'}
+ </td>
+ </tr>
+
+ <tr>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ </tr>
+
+ <tr>
+ <td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td>
+ </tr>
+
+ <tr>
END
;
- # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled.
- if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) {
- # Display button to update the ruleset.
- print"<input type='submit' name='RULESET' value='$Lang::tr{'update ruleset'}'>\n";
+
+ # Loop through the array of available networks and print config options.
+ foreach my $zone (@network_zones) {
+ my $checked_input;
+ my $checked_forward;
+
+ # Convert current zone name to upper case.
+ my $zone_upper = uc($zone);
+
+ # Set zone name.
+ my $zone_name = $zone;
+
+ # Dirty hack to get the correct language string for the red zone.
+ if ($zone eq "red") {
+ $zone_name = "red1";
+ }
+
+ # Grab checkbox status from settings hash.
+ if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") {
+ $checked_input = "checked = 'checked'";
+ }
+
+ print "<td class='base' width='20%'>\n";
+ print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n";
+ print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n";
+ print "</td>\n";
}
-print <<END;
- <input type='submit' name='RULESET' value='$Lang::tr{'save'}'>
- </td>
- </tr>
- </table>
-</form>
+print <<END
+ </tr>
+
+ <tr>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ <td><br><br></td>
+ </tr>
+
+ <tr>
+ <td colspan='4'><b>$Lang::tr{'ids automatic rules update'}</b></td>
+ </tr>
+
+ <tr>
+ <td>
+ <select name='AUTOUPDATE_INTERVAL'>
+ <option value='off' $selected{'AUTOUPDATE_INTERVAL'}{'off'} >- $Lang::tr{'Disabled'} -</option>
+ <option value='daily' $selected{'AUTOUPDATE_INTERVAL'}{'daily'} >$Lang::tr{'Daily'}</option>
+ <option value='weekly' $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} >$Lang::tr{'Weekly'}</option>
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ <br><br>
+
+ <table width='100%'>
+ <tr>
+ <td align='right'><input type='submit' name='IDS' value='$Lang::tr{'save'}' /></td>
+ </tr>
+ </table>
+ </form>
END
;
-&Header::closebox();
+ }
-#
-# Whitelist / Ignorelist
-#
-&Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'});
+ &Header::closebox();
+
+ #
+ # Used Ruleset Providers section.
+ #
+ &Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'});
print <<END;
+ <table width='100%' border='0'>
+ <tr>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ids provider'}</b></td>
+ <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'date'}</b></td>
+ <td class='base' bgcolor='$color{'color20'}' align='center'><b>$Lang::tr{'ids autoupdates'}</b></td>
+ <td class='base' bgcolor='$color{'color20'}'></td>
+ <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
+ </tr>
+END
+ my $line = 1;
+
+ # Check if some providers has been configured.
+ if (keys (%used_providers)) {
+ my $col = "";
+
+ # Loop through all entries of the hash.
+ foreach my $id (sort keys(%used_providers)) {
+ # Assign data array positions to some nice variable names.
+ my $provider = $used_providers{$id}[0];
+ my $provider_name = &get_provider_name($provider);
+ my $rulesetdate = &IDS::get_ruleset_date($provider);
+
+ my $subscription_code = $used_providers{$id}[1];
+ my $autoupdate_status = $used_providers{$id}[2];
+ my $status = $used_providers{$id}[3];
+
+ # Check if the item number is even or not.
+ if ($line % 2) {
+ $col="bgcolor='$color{'color22'}'";
+ } else {
+ $col="bgcolor='$color{'color20'}'";
+ }
+
+ # Choose icons for the checkboxes.
+ my $status_gif;
+ my $status_gdesc;
+ my $autoupdate_status_gif;
+ my $autoupdate_status_gdesc;
+
+ # Check if the status is enabled and select the correct image and description.
+ if ($status eq 'enabled' ) {
+ $status_gif = 'on.gif';
+ $status_gdesc = $Lang::tr{'click to disable'};
+ } else {
+ $status_gif = 'off.gif';
+ $status_gdesc = $Lang::tr{'click to enable'};
+ }
+
+ # Check if the autoupdate status is enabled and select the correct image and description.
+ if ($autoupdate_status eq 'enabled') {
+ $autoupdate_status_gif = 'on.gif';
+ $autoupdate_status_gdesc = $Lang::tr{'click to disable'};
+ } else {
+ $autoupdate_status_gif = 'off.gif';
+ $autoupdate_status_gdesc = $Lang::tr{'click to enable'};
+ }
+
+print <<END;
+ <tr>
+ <td width='33%' class='base' $col>$provider_name</td>
+ <td width='30%' class='base' $col>$rulesetdate</td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='AUTOUPDATE' value='$Lang::tr{'toggle enable disable'}' />
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$autoupdate_status_gif' alt='$autoupdate_status_gdesc' title='$autoupdate_status_gdesc' />
+ <input type='hidden' name='ID' value='$id' />
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='PROVIDERS' value='$Lang::tr{'toggle enable disable'}'>
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$status_gif' alt='$status_gdesc' title='$status_gdesc'>
+ <input type='hidden' name='ID' value='$id'>
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='PROVIDERS' value='$Lang::tr{'edit'}'>
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}'>
+ <input type='hidden' name='ID' value='$id'>
+ </form>
+ </td>
+
+ <td align='center' $col>
+ <form method='post' name='$provider' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'>
+ <input type='hidden' name='ID' value='$id'>
+ <input type='hidden' name='PROVIDERS' value='$Lang::tr{'remove'}'>
+ </form>
+ </td>
+ </tr>
+END
+ # Increment lines value.
+ $line++;
+
+ }
+
+ } else {
+ # Print notice that currently no hosts are ignored.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
+ }
+
+ print "</table>\n";
+
+ # Section to add new elements or edit existing ones.
+print <<END;
+ <br>
+ <hr>
+ <br>
+
+ <div align='right'>
+ <table width='100%'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+END
+
+ # Only show this button if a ruleset provider is configured.
+ if (%used_providers) {
+ print "<input type='submit' name='RULESET' value='$Lang::tr{'ids customize ruleset'}'>\n";
+ }
+print <<END;
+ <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
+ </tr>
+ </form>
+ </table>
+ </div>
+END
+
+ &Header::closebox();
+
+ #
+ # Whitelist / Ignorelist
+ #
+ &Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'});
+
+ print <<END;
<table width='100%'>
<tr>
<td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='WHITELIST' value='$Lang::tr{'toggle enable disable'}' />
- <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
- <input type='hidden' name='ID' value='$key' />
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'toggle enable disable'}'>
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc'>
+ <input type='hidden' name='ID' value='$key'>
</form>
</td>
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='WHITELIST' value='$Lang::tr{'edit'}' />
- <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
- <input type='hidden' name='ID' value='$key' />
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'edit'}'>
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}'>
+ <input type='hidden' name='ID' value='$key'>
</form>
</td>
<input type='hidden' name='ID' value='$key'>
<input type='hidden' name='WHITELIST' value='$Lang::tr{'remove'}'>
</form>
- </td>
- </tr>
+ </td>
+ </tr>
END
+ }
+ } else {
+ # Print notice that currently no hosts are ignored.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
}
- } else {
- # Print notice that currently no hosts are ignored.
- print "<tr>\n";
- print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
- print "</tr>\n";
- }
- print "</table>\n";
+ print "</table>\n";
- # Section to add new elements or edit existing ones.
+ # Section to add new elements or edit existing ones.
print <<END;
- <br>
- <hr>
- <br>
-
- <div align='center'>
- <table width='100%'>
+ <br>
+ <hr>
+ <br>
+
END
- # Assign correct headline and button text.
- my $buttontext;
- my $entry_address;
- my $entry_remark;
+ # Assign correct headline and button text.
+ my $buttontext;
+ my $entry_address;
+ my $entry_remark;
- # Check if an ID (key) has been given, in this case an existing entry should be edited.
- if ($cgiparams{'ID'} ne '') {
- $buttontext = $Lang::tr{'update'};
- print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
+ # Check if an ID (key) has been given, in this case an existing entry should be edited.
+ if ($cgiparams{'ID'} ne '') {
+ $buttontext = $Lang::tr{'update'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
- # Grab address and remark for the given key.
- $entry_address = $ignored{$cgiparams{'ID'}}[0];
- $entry_remark = $ignored{$cgiparams{'ID'}}[1];
- } else {
- $buttontext = $Lang::tr{'add'};
- print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
- }
+ # Grab address and remark for the given key.
+ $entry_address = $ignored{$cgiparams{'ID'}}[0];
+ $entry_remark = $ignored{$cgiparams{'ID'}}[1];
+ } else {
+ $buttontext = $Lang::tr{'add'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
+ }
print <<END;
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
- <tr>
- <td width='30%'>$Lang::tr{'ip address'}: </td>
- <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
+ <tr>
+ <td width='30%'>$Lang::tr{'ip address'}: </td>
+ <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
- <td width='30%'>$Lang::tr{'remark'}: </td>
- <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
- <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
- </tr>
- </form>
- </table>
- </div>
+ <td width='30%'>$Lang::tr{'remark'}: </td>
+ <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+ <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
+ </tr>
+ </form>
+ </table>
+ </div>
END
-&Header::closebox();
-
-# Only show the section for configuring the ruleset if one is present.
-if (%idsrules) {
- # Load neccessary perl modules for file stat and to format the timestamp.
- use File::stat;
- use POSIX qw( strftime );
+ &Header::closebox();
+}
- # Call stat on the rulestarball.
- my $stat = stat("$IDS::rulestarball");
+#
+## Function to show the customize ruleset section.
+#
+sub show_customize_ruleset() {
+ ### Java Script ###
+ print"<script>\n";
- if (defined $stat) {
- # Get timestamp the file creation.
- my $mtime = $stat->mtime;
+ # Java script variable declaration for show and hide.
+ print"var show = \"$Lang::tr{'ids show'}\"\;\n";
+ print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
- # Convert into human read-able format.
- my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
+print <<END
+ // Tiny java script function to show/hide the rules
+ // of a given category.
+ function showhide(tblname) {
+ \$("#" + tblname).toggle();
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
+ // Get current content of the span element.
+ var content = document.getElementById("span_" + tblname);
+ if (content.innerHTML === show) {
+ content.innerHTML = hide;
+ } else {
+ content.innerHTML = show;
+ }
+ }
+ </script>
+END
+;
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'}" );
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
# Output display table for rule files
print <<END
<table width='100%'>
<tr>
- <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'></td>
+ <td width='100%' align='right'>
+ <input type='submit' value='$Lang::tr{'fwhost back'}'>
+ <input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'>
+ </td>
</tr>
</table>
</form>
}
}
-&Header::closebigbox();
-&Header::closepage();
+#
+## Function to show section for add/edit a provider.
+#
+sub show_add_provider() {
+ my %used_providers = ();
+ my @subscription_providers;
+
+ # Read -in providers settings file.
+ &General::readhasharray("$IDS::providers_settings_file", \%used_providers);
+
+ # Get all supported ruleset providers.
+ my @ruleset_providers = &IDS::get_ruleset_providers();
+
+ ### Java Script ###
+ print "<script>\n";
+
+ # Generate Java Script Object which contains the URL of the providers.
+ print "\t// Object, which contains the webpages of the ruleset providers.\n";
+ print "\tvar url = {\n";
+
+ # Loop through the array of supported providers.
+ foreach my $provider (@ruleset_providers) {
+ # Check if the provider requires a subscription.
+ if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") {
+ # Add the provider to the array of subscription_providers.
+ push(@subscription_providers, $provider);
+ }
+
+ # Grab the URL for the provider.
+ my $url = $IDS::Ruleset::Providers{$provider}{'website'};
+
+ # Print the URL to the Java Script Object.
+ print "\t\t$provider: \"$url\"\,\n";
+ }
+
+ # Close the Java Script Object declaration.
+ print "\t}\;\n\n";
+
+ # Generate Java Script Array which contains the provider that requires a subscription.
+ my $line = "";
+ $line = join("', '", @subscription_providers);
+
+ print "\t// Array which contains the providers that requires a subscription.\n";
+ print "\tsubscription_provider = ['$line']\;\n\n";
+
+print <<END
+ // Java Script function to swap the text input field for
+ // entering a subscription code.
+ var update_provider = function() {
+ if(inArray(\$('#PROVIDER').val(), subscription_provider)) {
+ \$('.subscription_code').show();
+ } else {
+ \$('.subscription_code').hide();
+ }
+
+ // Call function to change the website url.
+ change_url(\$('#PROVIDER').val());
+ };
+
+ // Java Script function to check if a given value is part of
+ // an array.
+ function inArray(value,array) {
+ var count=array.length;
+
+ for(var i=0;i<count;i++) {
+ if(array[i]===value){
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ // Tiny function to change the website url based on the selected element in the "PROVIDERS"
+ // dropdown menu.
+ function change_url(provider) {
+ // Get and change the href to the corresponding url.
+ document.getElementById("website").href = url[provider];
+ }
+
+ // JQuery function to call corresponding function when
+ // the ruleset provider is changed or the page is loaded for showing/hiding
+ // the subscription_code area.
+ \$(document).ready(function() {
+ \$('#PROVIDER').change(update_provider);
+ update_provider();
+ });
+
+ </script>
+END
+;
+
+ # Check if an existing provider should be edited.
+ if($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") {
+ # Check if autoupdate is enabled for this provider.
+ if ($used_providers{$cgiparams{'ID'}}[2] eq "enabled") {
+ # Set the checkbox to be checked.
+ $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'";
+ }
+
+ # Display section to force an rules update and to reset the provider.
+ &show_additional_provider_actions();
+
+ } elsif ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'ids add provider'}") {
+ # Set the autoupdate to true as default.
+ $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'";
+ }
+
+ &Header::openbox('100%', 'center', $Lang::tr{'ids provider settings'});
+
+print <<END
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%' border='0'>
+ <tr>
+ <td colspan='2'><b>$Lang::tr{'ids provider'}</b></td>
+ </tr>
+
+ <tr>
+ <td width='40%'>
+ <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
+END
+;
+ # Value to allow disabling the dropdown menu.
+ my $disabled;
+
+ # Check if we are in edit mode.
+ if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") {
+ $disabled = "disabled";
+
+ # Add hidden input with the provider because the disable select does not provider
+ # this.
+ print "<input type='hidden' name='PROVIDER' value='$used_providers{$cgiparams{'ID'}}[0]'>\n";
+ }
+
+ print "<select name='PROVIDER' id='PROVIDER' $disabled>\n";
+ # Temporary hash to store the provier names and their handles.
+ my %tmphash = ();
+
+ # Loop through the array of ruleset providers.
+ foreach my $handle (@ruleset_providers) {
+ # Get the provider name.
+ my $name = &get_provider_name($handle);
+
+ # Add the grabbed provider name and handle to the
+ # temporary hash.
+ $tmphash{$name} = "$handle";
+ }
+
+ # Sort and loop through the temporary hash.
+ foreach my $provider_name ( sort keys %tmphash ) {
+ # Grab the provider handle.
+ my $provider = $tmphash{$provider_name};
+
+ # Pre-select the provider if one is given.
+ if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) {
+ $selected{$provider} = "selected='selected'";
+ }
+
+ # Add the provider to the dropdown menu.
+ print "<option value='$provider' $selected{$provider}>$provider_name</option>\n";
+ }
+print <<END
+ </select>
+ </td>
+
+ <td width='60%'>
+ <b><a id="website" target="_blank" href="#">$Lang::tr{'ids visit provider website'}</a></b>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan='2'><br><br></td>
+ </tr>
+
+ <tr class='subscription_code' style='display:none' id='subscription_code'>
+ <td colspan='2'>
+ <table border='0'>
+ <tr>
+ <td>
+ <b>$Lang::tr{'subscription code'}</b>
+ </td>
+ </tr>
+
+ <tr>
+ <td>
+ <input type='text' size='40' name='SUBSCRIPTION_CODE' value='$used_providers{$cgiparams{'ID'}}[1]'>
+ </td>
+ </tr>
+
+ <tr>
+ <td><br><br></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan='2'>
+ <input type='checkbox' name='ENABLE_AUTOUPDATE' $checked{'ENABLE_AUTOUPDATE'}> $Lang::tr{'ids enable automatic updates'}
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan='2' align='right'>
+ <input type='submit' value='$Lang::tr{'back'}'>
+END
+;
+ # Check if a provider should be added or edited.
+ if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") {
+ # Display button for updating the existing provider.
+ print "<input type='submit' name='PROVIDERS' value='$Lang::tr{'update'}'>\n";
+ } else {
+ # Display button to add the new provider.
+ print "<input type='submit' name='PROVIDERS' value='$Lang::tr{'add'}'>\n";
+ }
+print <<END
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+;
+ &Header::closebox();
+}
+
+#
+## Function to show the area where additional provider actions can be done.
+#
+sub show_additional_provider_actions() {
+ my $disabled;
+ my %used_providers = ();
+
+ # Read-in providers settings file.
+ &General::readhasharray("$IDS::providers_settings_file", \%used_providers);
+
+ # Assign variable for provider handle.
+ my $provider = "$used_providers{$cgiparams{'ID'}}[0]";
+
+ # Call function to get the path and name for the given providers
+ # oinkmaster modified sids file.
+ my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider);
+
+ # Disable the reset provider button if no provider modified sids file exists.
+ unless (-f $provider_modified_sids_file) {
+ $disabled = "disabled";
+ }
+
+ &Header::openbox('100%', 'center', "");
+ print <<END
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <table width='100%' border="0">
+ <tr>
+ <td align='center'>
+ <input type='hidden' name='PROVIDER' value='$provider'>
+ <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids reset provider'}' $disabled>
+ <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids force ruleset update'}'>
+ </td>
+ </tr>
+ </table>
+ </form>
+END
+;
+ &Header::closebox();
+}
#
## A function to display a notice, to lock the webpage and
my $msg;
# Gather rule sid and message from the ruleline.
- if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
+ if ($line =~ m/.*msg:\s*\"(.*?)\"\;.*sid:\s*(.*?); /) {
$msg = $1;
$sid = $2;
}
#
-## Function to read-in the given enabled or disables sids file.
+## Function to get the provider handle by a given ID.
#
-sub read_enabled_disabled_sids_file($) {
- my ($file) = @_;
-
- # Temporary hash to store the sids and their state. It will be
- # returned at the end of this function.
- my %temphash;
-
- # Open the given filename.
- open(FILE, "$file") or die "Could not open $file. $!\n";
-
- # Loop through the file.
- while(<FILE>) {
- # Remove newlines.
- chomp $_;
-
- # Skip blank lines.
- next if ($_ =~ /^\s*$/);
-
- # Skip coments.
- next if ($_ =~ /^\#/);
-
- # Splitt line into sid and state part.
- my ($state, $sid) = split(" ", $_);
-
- # Skip line if the sid is not numeric.
- next unless ($sid =~ /\d+/ );
-
- # Check if the sid was enabled.
- if ($state eq "enablesid") {
- # Add the sid and its state as enabled to the temporary hash.
- $temphash{$sid} = "enabled";
- # Check if the sid was disabled.
- } elsif ($state eq "disablesid") {
- # Add the sid and its state as disabled to the temporary hash.
- $temphash{$sid} = "disabled";
- # Invalid state - skip the current sid and state.
- } else {
- next;
- }
+sub get_provider_handle($) {
+ my ($id) = @_;
+
+ my %used_providers = ();
+
+ # Read-in provider settings file.
+ &General::readhasharray($IDS::providers_settings_file, \%used_providers);
+
+ # Obtain the provider handle for the given ID.
+ my $provider_handle = $used_providers{$cgiparams{'ID'}}[0];
+
+ # Return the handle.
+ return $provider_handle;
+}
+
+#
+## Function to get the provider name from the language file or providers file for a given handle.
+#
+sub get_provider_name($) {
+ my ($handle) = @_;
+ my $provider_name;
+
+ # Get the required translation string for the given provider handle.
+ my $tr_string = $IDS::Ruleset::Providers{$handle}{'tr_string'};
+
+ # Check if the translation string is available in the language files.
+ if ($Lang::tr{$tr_string}) {
+ # Use the translated string from the language file.
+ $provider_name = $Lang::tr{$tr_string};
+ } else {
+ # Fallback and use the provider summary from the providers file.
+ $provider_name = $IDS::Ruleset::Providers{$handle}{'summary'};
}
- # Close filehandle.
- close(FILE);
+ # Return the obtained provider name.
+ return $provider_name;
+}
+
+#
+## Function to remove a provider by a given ID.
+#
+sub remove_provider($) {
+ my ($id) = @_;
+
+ my %used_providers = ();
+
+ # Read-in provider settings file.
+ &General::readhasharray($IDS::providers_settings_file, \%used_providers);
+
+ # Drop entry from the hash.
+ delete($used_providers{$id});
- # Return the hash.
- return %temphash;
+ # Write the changed hash to the provider settings file.
+ &General::writehasharray($IDS::providers_settings_file, \%used_providers);
}
#
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2014-2020 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2014-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
$checked{'DROPWIRELESSFORWARD'}{'off'} = '';
$checked{'DROPWIRELESSFORWARD'}{'on'} = '';
$checked{'DROPWIRELESSFORWARD'}{$settings{'DROPWIRELESSFORWARD'}} = "checked='checked'";
+$checked{'DROPSPOOFEDMARTIAN'}{'off'} = '';
+$checked{'DROPSPOOFEDMARTIAN'}{'on'} = '';
+$checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMARTIAN'}} = "checked='checked'";
+$checked{'DROPHOSTILE'}{'off'} = '';
+$checked{'DROPHOSTILE'}{'on'} = '';
+$checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} = "checked='checked'";
$checked{'DROPPROXY'}{'off'} = '';
$checked{'DROPPROXY'}{'on'} = '';
$checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'";
<br>
<table width='95%' cellspacing='0'>
-<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw logging'}</b></td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop newnotsyn'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPNEWNOTSYN' value='on' $checked{'DROPNEWNOTSYN'}{'on'} />/
- <input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop input'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/
- <input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop forward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/
- <input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/
- <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/
- <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/
- <input type='radio' name='DROPWIRELESSINPUT' value='off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr>
-<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/
- <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'}</td></tr>
+ <tr bgcolor='$color{'color20'}'>
+ <td colspan='2' align='left'><b>$Lang::tr{'fw logging'}</b></td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop newnotsyn'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPNEWNOTSYN' value='on' $checked{'DROPNEWNOTSYN'}{'on'} />/
+ <input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop input'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/
+ <input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop forward'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/
+ <input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/
+ <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop portscan'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/
+ <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/
+ <input type='radio' name='DROPWIRELESSINPUT' value='off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/
+ <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop spoofed martians'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPSPOOFEDMARTIAN' value='on' $checked{'DROPSPOOFEDMARTIAN'}{'on'} />/
+ <input type='radio' name='DROPSPOOFEDMARTIAN' value='off' $checked{'DROPSPOOFEDMARTIAN'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
</table>
<br/>
+<table width='95%' cellspacing='0'>
+ <tr bgcolor='$color{'color20'}'>
+ <td colspan='2' align='left'><b>$Lang::tr{'fw red'}</b></td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'drop hostile'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='DROPHOSTILE' value='on' $checked{'DROPHOSTILE'}{'on'} />/
+ <input type='radio' name='DROPHOSTILE' value='off' $checked{'DROPHOSTILE'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+</table>
+<br>
+
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr>
<tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/
###############################################################################
use strict;
+use List::Util qw(any);
# enable only the following on debugging purpose
#use warnings;
my %pakfiresettings = ();
my %mainsettings = ();
-&Header::showhttpheaders();
+# Load general settings
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+# Get CGI request data
$cgiparams{'ACTION'} = '';
$cgiparams{'VALID'} = '';
$cgiparams{'INSPAKS'} = '';
$cgiparams{'DELPAKS'} = '';
-my $page_lock;
+&Header::getcgihash(\%cgiparams);
-sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";&Header::closebox();}
+### Process AJAX/JSON request ###
+if($cgiparams{'ACTION'} eq 'json-getstatus') {
+ # Send HTTP headers
+ _start_json_output();
-&Header::getcgihash(\%cgiparams);
+ # Read /var/log/messages backwards until a "Pakfire started" header is found,
+ # to capture all messages of the last (i.e. current) Pakfire run
+ my @messages = `tac /var/log/messages | sed -n '/pakfire:/{p;/Pakfire.*started/q}'`;
-&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
+ # Test if the log contains an error message (fastest implementation, stops at first match)
+ my $failure = any{ index($_, 'ERROR') != -1 } @messages;
+
+ # Collect Pakfire status
+ my %status = (
+ 'running' => &_is_pakfire_busy() || "0",
+ 'running_since' => &General::age("$Pakfire::lockfile") || "0s",
+ 'reboot' => (-e "/var/run/need_reboot") || "0",
+ 'failure' => $failure || "0"
+ );
+
+ # Start JSON file
+ print "{\n";
+
+ foreach my $key (keys %status) {
+ my $value = $status{$key};
+ print qq{\t"$key": "$value",\n};
+ }
+
+ # Print sanitized messages in reverse order to undo previous "tac"
+ print qq{\t"messages": [\n};
+ for my $index (reverse (0 .. $#messages)) {
+ my $line = $messages[$index];
+ $line =~ s/[[:cntrl:]<>&\\]+//g;
+
+ print qq{\t\t"$line"};
+ print ",\n" unless $index < 1;
+ }
+ print "\n\t]\n";
+
+ # Finalize JSON file & stop
+ print "}";
+ exit;
+}
+
+### Start pakfire page ###
+&Header::showhttpheaders();
+
+###--- HTML HEAD ---###
+my $extraHead = <<END
+<style>
+ /* Main screen */
+ table#pfmain {
+ width: 100%;
+ border-style: hidden;
+ table-layout: fixed;
+ }
+
+ #pfmain td {
+ padding: 5px 20px 0;
+ text-align: center;
+ }
+ #pfmain tr:not(:last-child) > td {
+ padding-bottom: 1.5em;
+ }
+ #pfmain tr > td.heading {
+ padding: 0;
+ font-weight: bold;
+ background-color: $color{'color20'};
+ }
+
+ .pflist {
+ width: 100%;
+ text-align: left;
+ margin-bottom: 0.8em;
+ }
+
+ /* Pakfire log viewer */
+ section#pflog-header {
+ width: 100%;
+ display: flex;
+ text-align: left;
+ align-items: center;
+ column-gap: 20px;
+ }
+ #pflog-header > div:last-child {
+ margin-left: auto;
+ margin-right: 20px;
+ }
+ #pflog-header span {
+ line-height: 1.3em;
+ }
+ #pflog-header span:empty::before {
+ content: "\\200b"; /* zero width space */
+ }
+
+ pre#pflog-messages {
+ margin-top: 0.7em;
+ padding-top: 0.7em;
+ border-top: 0.5px solid $Header::bordercolour;
-&Header::openpage($Lang::tr{'pakfire configuration'}, 1);
+ text-align: left;
+ min-height: 15em;
+ overflow-x: auto;
+ }
+</style>
+
+<script src="/include/pakfire.js"></script>
+<script>
+ // Translations
+ pakfire.i18n.load({
+ 'working': '$Lang::tr{'pakfire working'}',
+ 'finished': '$Lang::tr{'pakfire finished'}',
+ 'finished error': '$Lang::tr{'pakfire finished error'}',
+ 'since': '$Lang::tr{'since'}',
+
+ 'link_return': '<a href="$ENV{'SCRIPT_NAME'}">$Lang::tr{'pakfire return'}</a>',
+ 'link_reboot': '<a href="/cgi-bin/shutdown.cgi">$Lang::tr{'needreboot'}</a>'
+ });
+
+ // AJAX auto refresh interval (in ms, default: 1000)
+ //pakfire.refreshInterval = 1000;
+
+ // Enable returning to main screen (delay in ms)
+ pakfire.setupPageReload(true, 3000);
+</script>
+END
+;
+###--- END HTML HEAD ---###
+
+&Header::openpage($Lang::tr{'pakfire configuration'}, 1, $extraHead);
&Header::openbigbox('100%', 'left', '', $errormessage);
-if (($cgiparams{'ACTION'} eq 'install') && (! -e $Pakfire::lockfile)) {
+# Process Pakfire commands
+if (($cgiparams{'ACTION'} eq 'install') && (! &_is_pakfire_busy())) {
my @pkgs = split(/\|/, $cgiparams{'INSPAKS'});
if ("$cgiparams{'FORCE'}" eq "on") {
- # Lock the page.
- $page_lock = "1";
&General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", @pkgs);
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
print "$_\n";
}
print <<END;
- </pre>
- <tr><td colspan='2'>$Lang::tr{'pakfire accept all'}
- <tr><td colspan='2'>
+ </pre></td></tr>
+ <tr><td colspan='2'>$Lang::tr{'pakfire accept all'}</td></tr>
+ <tr><td colspan='2'> </td></tr>
<tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='INSPAKS' value='$cgiparams{'INSPAKS'}' />
<input type='hidden' name='FORCE' value='on' />
<input type='hidden' name='ACTION' value='install' />
<input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/go-next.png' />
</form>
+ </td>
<td align='left'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='' />
<input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' />
</form>
+ </td>
+ </tr>
</table>
END
&Header::closebox();
&Header::closepage();
exit;
}
-} elsif (($cgiparams{'ACTION'} eq 'remove') && (! -e $Pakfire::lockfile)) {
+} elsif (($cgiparams{'ACTION'} eq 'remove') && (! &_is_pakfire_busy())) {
my @pkgs = split(/\|/, $cgiparams{'DELPAKS'});
if ("$cgiparams{'FORCE'}" eq "on") {
- # Lock the page.
- $page_lock = "1";
&General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", @pkgs);
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
print "$_\n";
}
print <<END;
- </pre>
- <tr><td colspan='2'>$Lang::tr{'pakfire uninstall all'}
- <tr><td colspan='2'>
+ </pre></td></tr>
+ <tr><td colspan='2'>$Lang::tr{'pakfire uninstall all'}</td></tr>
+ <tr><td colspan='2'> </td></tr>
<tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='DELPAKS' value='$cgiparams{'DELPAKS'}' />
<input type='hidden' name='FORCE' value='on' />
<input type='hidden' name='ACTION' value='remove' />
<input type='image' alt='$Lang::tr{'uninstall'}' title='$Lang::tr{'uninstall'}' src='/images/go-next.png' />
</form>
+ </td>
<td align='left'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='' />
<input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' />
</form>
+ </td>
+ </tr>
</table>
END
&Header::closebox();
exit;
}
-} elsif (($cgiparams{'ACTION'} eq 'update') && (! -e $Pakfire::lockfile)) {
- # Set variable to lock the page.
- $page_lock = "1";
+} elsif (($cgiparams{'ACTION'} eq 'update') && (! &_is_pakfire_busy())) {
&General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors");
-} elsif (($cgiparams{'ACTION'} eq 'upgrade') && (!-e $Pakfire::lockfile)) {
- # Lock the page.
- $page_lock = "1";
+} elsif (($cgiparams{'ACTION'} eq 'upgrade') && (! &_is_pakfire_busy())) {
&General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "--no-colors");
} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
$pakfiresettings{"TREE"} = $cgiparams{"TREE"};
&Header::closebox();
}
-# Check if a page lock is required.
-if ($page_lock) {
- &Header::openbox('Waiting', 1, ,);
- print <<END;
- <table>
- <tr>
- <td>
- <img src='/images/indicator.gif' alt='$Lang::tr{'active'}' title='$Lang::tr{'active'}'>
- </td>
+# Show log output while Pakfire is running
+if(&_is_pakfire_busy()) {
+ &Header::openbox("100%", "center", "Pakfire");
+
+ print <<END
+<section id="pflog-header">
+ <div><img src="/images/indicator.gif" alt="$Lang::tr{'active'}" title="$Lang::tr{'pagerefresh'}"></div>
+ <div>
+ <span id="pflog-status">$Lang::tr{'pakfire working'}</span><br>
+ <span id="pflog-time"></span><br>
+ <span id="pflog-action"></span>
+ </div>
+ <div><a href="$ENV{'SCRIPT_NAME'}"><img src="/images/view-refresh.png" alt="$Lang::tr{'refresh'}" title="$Lang::tr{'refresh'}"></a></div>
+</section>
+
+<!-- Pakfire log messages -->
+<pre id="pflog-messages"></pre>
+<script>
+ // Start automatic log refresh
+ pakfire.running = true;
+</script>
- <td>
- $Lang::tr{'pakfire working'}
- </td>
- </tr>
- </table>
END
- &Header::closebox();
-
- # Infinite loop to lock the page until pakfire lockfile is present.
- while($page_lock) {
- unless (-e $Pakfire::lockfile) {
- sleep(1);
- } else {
- # Release page lock.
- undef($page_lock);
-
- # Break loop.
- last;
- }
- }
-
- # Perform page reload.
- print "<meta http-equiv='refresh' content='1;'>\n";
- exit;
-}
+;
-# Check if pakfire is already running. In this case a lockfile is present.
-if (-e $Pakfire::lockfile) {
- &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
- print <<END;
- <table>
- <tr><td>
- <img src='/images/indicator.gif' alt='$Lang::tr{'active'}' title='$Lang::tr{'active'}' />
- <td>
- $Lang::tr{'pakfire working'}
- <tr><td colspan='2' align='center'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
- </form>
- <tr><td colspan='2' align='left'><code>
-END
- my @output = `grep pakfire /var/log/messages | tail -20`;
- foreach (@output) {
- print "$_<br>";
- }
- print <<END;
- </code>
- </table>
-END
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
exit;
- refreshpage();
}
my $core_release = `cat /opt/pakfire/db/core/mine 2>/dev/null`;
&Header::openbox("100%", "center", "Pakfire");
print <<END;
- <table width='95%' cellpadding='5'>
+ <table id="pfmain">
END
if ( -e "/var/run/need_reboot") {
- print "<tr><td align='center' colspan='2'><font color='red'>$Lang::tr{'needreboot'}!</font></td></tr>";
- print "<tr><td colspan='2'> </font></td></tr>"
+ print "\t\t<tr><td colspan='2'><a href='/cgi-bin/shutdown.cgi'>$Lang::tr{'needreboot'}!</a></td></tr>\n";
}
print <<END;
- <tr><td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire system state'}:</b>
-
- <td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'available updates'}:</b></tr>
-
- <tr><td align="center">$Lang::tr{'pakfire core update level'}: $core_release<hr />
- $Lang::tr{'pakfire last update'} $core_update_age $Lang::tr{'pakfire ago'}<br />
- $Lang::tr{'pakfire last serverlist update'} $server_update_age $Lang::tr{'pakfire ago'}<br />
- $Lang::tr{'pakfire last core list update'} $corelist_update_age $Lang::tr{'pakfire ago'}<br />
+ <tr><td class="heading">$Lang::tr{'pakfire system state'}:</td>
+ <td class="heading">$Lang::tr{'available updates'}:</td></tr>
+
+ <tr><td><strong>$Lang::tr{'pakfire core update level'}: $core_release</strong>
+ <hr>
+ <div class="pflist">
+ $Lang::tr{'pakfire last update'} $core_update_age $Lang::tr{'pakfire ago'}<br>
+ $Lang::tr{'pakfire last serverlist update'} $server_update_age $Lang::tr{'pakfire ago'}<br>
+ $Lang::tr{'pakfire last core list update'} $corelist_update_age $Lang::tr{'pakfire ago'}<br>
$Lang::tr{'pakfire last package update'} $packages_update_age $Lang::tr{'pakfire ago'}
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='ACTION' value='update' /><br />
- <input type='submit' value='$Lang::tr{'calamaris refresh list'}' /><br />
- </form>
-<br />
- <td align="center">
+ </div>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <select name="UPDPAKS" size="5" disabled>
+ <input type='hidden' name='ACTION' value='update' />
+ <input type='submit' value='$Lang::tr{'calamaris refresh list'}' />
+ </form>
+ </td>
+ <td>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <select name="UPDPAKS" class="pflist" size="5" disabled>
END
- &Pakfire::dblist("upgrade", "forweb");
+
+ &Pakfire::dblist("upgrade", "forweb");
print <<END;
</select>
- <br />
<input type='hidden' name='ACTION' value='upgrade' />
<input type='image' alt='$Lang::tr{'upgrade'}' title='$Lang::tr{'upgrade'}' src='/images/document-save.png' />
</form>
+ </td>
+ </tr>
+ <tr><td class="heading">$Lang::tr{'pakfire available addons'}</td>
+ <td class="heading">$Lang::tr{'pakfire installed addons'}</td></tr>
- <tr><td colspan="2"><!-- Just an empty line -->
- <tr><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire available addons'}</b>
- <td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b>
- <tr><td style="padding:5px 10px 20px 20px" align="center">
- <p>$Lang::tr{'pakfire install description'}</p>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <select name="INSPAKS" size="10" multiple>
+ <tr><td><p>$Lang::tr{'pakfire install description'}</p>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <select name="INSPAKS" class="pflist" size="10" multiple>
END
- &Pakfire::dblist("notinstalled", "forweb");
-print <<END;
- </select>
- <br />
- <input type='hidden' name='ACTION' value='install' />
- <input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/list-add.png' />
- </form>
-
- <td style="padding:5px 10px 20px 20px" align="center">
- <p>$Lang::tr{'pakfire uninstall description'}</p>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <select name="DELPAKS" size="10" multiple>
+ &Pakfire::dblist("notinstalled", "forweb");
+ print <<END;
+ </select>
+ <input type='hidden' name='ACTION' value='install' />
+ <input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/list-add.png' />
+ </form>
+ </td>
+ <td><p>$Lang::tr{'pakfire uninstall description'}</p>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <select name="DELPAKS" class="pflist" size="10" multiple>
END
- &Pakfire::dblist("installed", "forweb");
-
-print <<END;
- </select>
- <br />
- <input type='hidden' name='ACTION' value='remove' />
- <input type='image' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' src='/images/list-remove.png' />
- </form>
+ &Pakfire::dblist("installed", "forweb");
+ print <<END;
+ </select>
+ <input type='hidden' name='ACTION' value='remove' />
+ <input type='image' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' src='/images/list-remove.png' />
+ </form>
+ </td>
+ </tr>
</table>
END
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
+
+###--- Internal functions ---###
+
+# Check if pakfire is already running (extend test here if necessary)
+sub _is_pakfire_busy {
+ # Return immediately if lockfile is present
+ if(-e "$Pakfire::lockfile") {
+ return 1;
+ }
+
+ # Check if a PID of a running pakfire instance is found
+ # (The system backpipe command is safe, because no user input is computed.)
+ my $pakfire_pid = `pidof -s /usr/local/bin/pakfire`;
+ chomp($pakfire_pid);
+
+ if($pakfire_pid) {
+ return 1;
+ }
+
+ # Pakfire isn't running
+ return 0;
+}
+
+# Send HTTP headers
+sub _start_json_output {
+ print "Cache-Control: no-cache, no-store\n";
+ print "Content-Type: application/json\n";
+ print "\n"; # End of HTTP headers
+}
--- /dev/null
+/*#############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+#############################################################################*/
+
+"use strict";
+
+// Pakfire Javascript functions (requires jQuery)
+class PakfireJS {
+ constructor() {
+ //--- Public properties ---
+ // Translation strings
+ this.i18n = new PakfireI18N();
+
+ //--- Private properties ---
+ // Status flags (access outside constructor only with setter/getter)
+ this._states = Object.create(null);
+ this._states.running = false;
+ this._states.reboot = false;
+ this._states.failure = false;
+
+ // Status refresh helper
+ this._autoRefresh = {
+ delay: 1000, //Delay between requests (minimum: 500, default: 1s)
+ jsonAction: 'getstatus', //CGI POST action parameter
+ timeout: 5000, //XHR timeout (0 to disable, default: 5s)
+
+ delayTimer: null, //setTimeout reference
+ jqXHR: undefined, //jQuery.ajax promise reference
+ get runningDelay() { //Waiting for end of delay
+ return (this.delayTimer !== null);
+ },
+ get runningXHR() { //Waiting for CGI response
+ return (this.jqXHR && (this.jqXHR.state() === 'pending'));
+ },
+ get isRunning() {
+ return (this.runningDelay || this.runningXHR);
+ }
+ };
+
+ // Return to main screen helper
+ this._pageReload = {
+ delay: 1000, //Delay before page reload (default: 1s)
+ enabled: false, //Reload disabled by default
+
+ delayTimer: null, //setTimeout reference
+ get isTriggered() { //Reload timer started
+ return (this.delayTimer !== null);
+ }
+ };
+ }
+
+ //### Public properties ###
+
+ // Note on using the status flags
+ // running: Pakfire is performing a task.
+ // Writing "true" activates the periodic AJAX/JSON status polling, writing "false" stops polling.
+ // When the task has been completed, status polling stops and this returns to "false".
+ // The page can then be reloaded to go back to the main screen. Writing "false" does not trigger a reload.
+ // "refreshInterval" and "setupPageReload" can be used to adjust the respective behaviour.
+ // reboot: An update requires a reboot.
+ // If set to "true", a link to the reboot menu is shown after the task is completed.
+ // failure: An error has occured.
+ // To display the error log, the page does not return to the main screen.
+
+ // Pakfire is running (true/false)
+ set running(state) {
+ if(this._states.running !== state) {
+ this._states.running = state;
+ this._states_onChange('running');
+ }
+ }
+ get running() {
+ return this._states.running;
+ }
+
+ // Reboot needed (true/false)
+ set reboot(state) {
+ if(this._states.reboot !== state) {
+ this._states.reboot = state;
+ this._states_onChange('reboot');
+ }
+ }
+ get reboot() {
+ return this._states.reboot;
+ }
+
+ // Error encountered (true/false)
+ set failure(state) {
+ if(this._states.failure !== state) {
+ this._states.failure = state;
+ this._states_onChange('failure');
+ }
+ }
+ get failure() {
+ return this._states.failure;
+ }
+
+ // Status refresh interval in ms
+ set refreshInterval(delay) {
+ if(delay < 500) {
+ delay = 500; //enforce reasonable minimum
+ }
+ this._autoRefresh.delay = delay;
+ }
+ get refreshInterval() {
+ return this._autoRefresh.delay;
+ }
+
+ // Configure page reload after successful task (returns to main screen)
+ // delay: In ms
+ setupPageReload(enabled, delay) {
+ if(delay < 0) {
+ delay = 0;
+ }
+ this._pageReload.delay = delay;
+ this._pageReload.enabled = enabled;
+ }
+
+ // Document loaded (call once from jQuery.ready)
+ documentReady() {
+ // Status refresh late start
+ if(this.running && (! this._autoRefresh.isRunning)) {
+ this._autoRefresh_runNow();
+ }
+ }
+
+ // Reload entire CGI page (clears POST/GET data from history)
+ documentReload() {
+ let url = window.location.origin + window.location.pathname;
+ window.location.replace(url);
+ }
+
+ //### Private properties ###
+
+ // Pakfire status change handler
+ // property: Affected status (running, reboot, ...)
+ _states_onChange(property) {
+ // Always update UI
+ if(this.running) {
+ $('#pflog-status').text(this.i18n.get('working'));
+ $('#pflog-action').empty();
+ } else {
+ if(this.failure) {
+ $('#pflog-status').text(this.i18n.get('finished error'));
+ } else {
+ $('#pflog-status').text(this.i18n.get('finished'));
+ }
+ if(this.reboot) { //Enable return or reboot links in UI
+ $('#pflog-action').html(this.i18n.get('link_return') + " • " + this.i18n.get('link_reboot'));
+ } else {
+ $('#pflog-action').html(this.i18n.get('link_return'));
+ }
+ }
+
+ // Start/stop status refresh if Pakfire started/stopped
+ if(property === 'running') {
+ if(this.running) {
+ this._autoRefresh_runNow();
+ } else {
+ this._autoRefresh_clearSchedule();
+ }
+ }
+
+ // Always stay in the log viewer if Pakfire failed
+ if(property === 'failure') {
+ if(this.failure) {
+ this._pageReload_cancel();
+ }
+ }
+ }
+
+ //--- Status refresh scheduling functions ---
+
+ // Immediately perform AJAX status refresh request
+ _autoRefresh_runNow() {
+ if(this._autoRefresh.runningXHR) {
+ return; // Don't send multiple requests
+ }
+ this._autoRefresh_clearSchedule(); // Stop scheduled refresh, will send immediately
+
+ // Send AJAX request, attach listeners
+ this._autoRefresh.jqXHR = this._JSON_get(this._autoRefresh.jsonAction, this._autoRefresh.timeout);
+ this._autoRefresh.jqXHR.done(function() { // Request succeeded
+ if(this.running) { // Keep refreshing while Pakfire is running
+ this._autoRefresh_scheduleRun();
+ }
+ });
+ this._autoRefresh.jqXHR.fail(function() { // Request failed
+ this._autoRefresh_scheduleRun(); // Try refreshing until valid status is received
+ });
+ }
+
+ // Schedule next refresh
+ _autoRefresh_scheduleRun() {
+ if(this._autoRefresh.runningDelay || this._autoRefresh.runningXHR) {
+ return; // Refresh already scheduled or in progress
+ }
+ this._autoRefresh.delayTimer = window.setTimeout(function() {
+ this._autoRefresh.delayTimer = null;
+ this._autoRefresh_runNow();
+ }.bind(this), this._autoRefresh.delay);
+ }
+
+ // Stop scheduled refresh (can still be refreshed up to 1x if XHR is already sent)
+ _autoRefresh_clearSchedule() {
+ if(this._autoRefresh.runningDelay) {
+ window.clearTimeout(this._autoRefresh.delayTimer);
+ this._autoRefresh.delayTimer = null;
+ }
+ }
+
+ // Start delayed page reload to return to main screen
+ _pageReload_trigger() {
+ if((! this._pageReload.enabled) || this._pageReload.isTriggered) {
+ return; // Disabled or already started
+ }
+ this._pageReload.delayTimer = window.setTimeout(function() {
+ this._pageReload.delayTimer = null;
+ this.documentReload();
+ }.bind(this), this._pageReload.delay);
+ }
+
+ // Stop scheduled reload
+ _pageReload_cancel() {
+ if(this._pageReload.isTriggered) {
+ window.clearTimeout(this._pageReload.delayTimer);
+ this._pageReload.delayTimer = null;
+ }
+ }
+
+ //--- JSON request & data handling ---
+
+ // Load JSON data from Pakfire CGI, using a POST request
+ // action: POST paramter "json-[action]"
+ // maxTime: XHR timeout, 0 = no timeout
+ _JSON_get(action, maxTime = 0) {
+ return $.ajax({
+ url: '/cgi-bin/pakfire.cgi',
+ method: 'POST',
+ timeout: maxTime,
+ context: this,
+ data: {'ACTION': `json-${action}`},
+ dataType: 'json' //automatically check and convert result
+ })
+ .done(function(response) {
+ this._JSON_process(action, response);
+ });
+ }
+
+ // Process successful response from Pakfire CGI
+ // action: POST paramter "json-[action]" used to send request
+ // data: JSON data object
+ _JSON_process(action, data) {
+ // Pakfire status refresh
+ if(action === this._autoRefresh.jsonAction) {
+ // Update status flags
+ this.running = (data['running'] != '0');
+ this.reboot = (data['reboot'] != '0');
+ this.failure = (data['failure'] != '0');
+
+ // Update timer display
+ if(this.running && data['running_since']) {
+ $('#pflog-time').text(this.i18n.get('since') + " " + data['running_since']);
+ } else {
+ $('#pflog-time').empty();
+ }
+
+ // Print log messages
+ let messages = "";
+ data['messages'].forEach(function(line) {
+ messages += `${line}\n`;
+ });
+ $('#pflog-messages').text(messages);
+
+ // Pakfire finished without errors, return to main screen
+ if((! this.running) && (! this.failure)) {
+ this._pageReload_trigger();
+ }
+ }
+ }
+}
+
+// Simple translation strings helper
+// Format: {key: "translation"}
+class PakfireI18N {
+ constructor() {
+ this._strings = Object.create(null); //Object without prototypes
+ }
+
+ // Get translation
+ get(key) {
+ if(Object.prototype.hasOwnProperty.call(this._strings, key)) {
+ return this._strings[key];
+ }
+ return `(undefined string '${key}')`;
+ }
+
+ // Load key/translation object
+ load(translations) {
+ if(translations instanceof Object) {
+ Object.assign(this._strings, translations);
+ }
+ }
+}
+
+//### Initialize Pakfire ###
+const pakfire = new PakfireJS();
+
+$(function() {
+ pakfire.documentReady();
+});
-%tr = (
+%tr = (
%tr,
'24 hours' => '24 Stunden',
'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"',
'drop action2' => 'Standardverhalten der (Input) Firewall',
'drop forward' => 'Verworfene, von der Firewall weitergeleitete Pakete protokollieren',
+'drop hostile' => 'Pakete von und zu bösartigen Netzen (Spamhaus DROP-Listing, etc.) verwerfen',
'drop input' => 'Verworfene eingehende Pakete protokollieren',
'drop newnotsyn' => 'Verworfene neue Pakete ohne SYN-Markierung protokollieren (NewNotSYN)',
'drop outgoing' => 'Verworfene, von der Firewall ausgehende Pakete protokollieren',
'drop portscan' => 'Verworfene Portscan Pakete protokollieren',
'drop proxy' => 'Alle Pakete verwerfen, die nicht direkt an den Proxy gerichtet sind',
'drop samba' => 'Alle Pakete an Microsoftdienste verwerfen (Ports 135, 137, 138, 139, 445 und 1025)',
+'drop spoofed martians' => 'Verworfene gefälschte Pakete und Marsianer protokollieren',
'drop wirelessforward' => 'Verworfene weitergeleitete Wireless-Pakete protokollieren',
'drop wirelessinput' => 'Verworfene eingehende Wireless-Pakete protokollieren',
'dst port' => 'Zielport',
'from email server' => 'Von E-Mail-Server',
'from email user' => 'Von E-Mail-Benutzer',
'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig',
-'fw blue' => 'Firewalloptionen für das Blaue Interface',
+'fw blue' => 'Firewalloptionen für das blaue Interface',
'fw default drop' => 'Firewallrichtlinie',
'fw logging' => 'Firewallprotokollierung',
'fw settings' => 'Firewalleinstellungen',
'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen',
'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen',
'fw settings ruletable' => 'Leere Regeltabellen anzeigen',
+'fw red' => 'Firewalloptionen für das rote Interface',
'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw MODE1' => 'Alle Pakete verwerfen',
'host deny' => 'Liste der nicht Zugriffsberechtigten',
'host ip' => 'Host IP-Adresse',
'host to net vpn' => 'Host-zu-Netz Virtual Private Network (RoadWarrior)',
+'hostile networks' => 'Bösartige Netze',
'hostname' => 'Hostname',
'hostname and domain already in use' => 'Hostname und Domain werden bereits benutzt.',
'hostname cant be empty' => 'Hostname darf nicht leer bleiben.',
'idle' => 'Leerlauf',
'idle timeout' => 'Leerlaufwartezeit in Minuten (0 zum Deaktivieren):',
'idle timeout not set' => 'Leerlaufwartezeit nicht angegeben.',
+'ids add provider' => 'Provider hinzufügen',
'ids apply' => 'Übernehmen',
'ids apply ruleset changes' => 'Regeländerungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
+'ids autoupdates' => 'Automatische Updates',
'ids automatic rules update' => 'Automatische Regelaktualisierung',
-'ids download new ruleset' => 'Das neue Regelsatz wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
+'ids could not add provider' => 'Provider konnte nicht hinzugefügt werden',
+'ids customize ruleset' => 'Regelset anpassen',
+'ids download new ruleset' => 'Das neue Regelset wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
'ids enable' => 'Einbruchsverhinderungssystem aktivieren',
+'ids enable automatic updates' => 'Automatische Updates aktivieren',
+'ids force ruleset update' => 'Regelset jetzt aktualisieren',
'ids hide' => 'Verstecken',
'ids ignored hosts' => 'Ausnahmeliste',
'ids log hits' => 'Gesamtanzahl der Regeltreffer für',
'ids monitor traffic only' => 'Netzwerkpakete nur überprüfen (nicht verwerfen)',
'ids monitored interfaces' => 'Überwachte Netzwerkzonen',
'ids no network zone' => 'Bitte wählen Sie mindestens eine zu überwachende Netzwerkzone aus',
-'ids no ruleset available' => 'Es ist kein Regelsatz verfügbar. Bitte laden Sie einen Regelsatz herunter.',
+'ids no enabled ruleset provider' => 'Es ist kein aktivierter Provider verfügbar. Bitte aktivieren Sie einen oder fügen Sie einen Provider hinzu.',
'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt',
+'ids provider' => 'Regelset-Anbieter',
+'ids provider settings' => 'Regelset-Anbieter-Einstellungen',
+'ids reset provider' => 'Providereinstellungen zurücksetzen',
'ids rules update' => 'Regelsatz',
'ids ruleset autoupdate in progress' => 'Der Regelsatz wird gerade aktualisiert. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
'ids ruleset settings' => 'Regelsatzeinstellungen',
'ids show' => 'Anzeigen',
+'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
+'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids visit provider website' => 'Anbieter-Webseite besuchen',
'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
'iface' => 'Iface',
'ignore filter' => '"Ignorieren"-Filter',
'pakfire configuration' => 'Pakfire Konfiguration',
'pakfire core update auto' => 'Core- und Addon-Updates automatisch installieren:',
'pakfire core update level' => 'Core-Update-Level',
+'pakfire finished' => 'Pakfire ist fertig! Kehre zurück...',
+'pakfire finished error' => 'Pakfire ist fertig! Fehler sind aufgetreten, bitte überprüfen Sie die Log-Ausgabe, bevor Sie fortfahren.',
'pakfire health check' => 'Mirrors auf Erreichbarkeit prüfen (Ping):',
'pakfire install description' => 'Wählen Sie ein oder mehrere Pakete zur Installation aus und drücken Sie auf das plus-Symbol.',
'pakfire install package' => 'Sie möchten folgende Pakete installieren: ',
'pakfire last update' => 'Letztes Update ist',
'pakfire possible dependency' => ' Möglicherweise haben diese Pakete Abhängigkeiten, d.h. andere Pakete müssen zusätzlich installiert werden. Dazu sehen Sie unten eine Liste.',
'pakfire register' => 'Registrierung am Pakfire-Server:',
+'pakfire return' => 'Zurück zu Pakfire',
'pakfire system state' => 'System Status',
'pakfire tree' => 'Zu verwendendes Pakfire-Repository:',
'pakfire tree stable' => 'Veröffentlichte Versionen (stable)',
'spectre variant 1' => 'Spectre-Variante 1',
'spectre variant 2' => 'Spectre-Variante 2',
'spectre variant 4' => 'Spectre-Variante 4',
+'spoofed or martians' => 'Gefälscht/Marsianer',
'squid extension methods' => 'Ihre <tt>extension_methods</tt> Liste',
'squid extension methods invalid' => 'Ihre \'extension_methods\' Liste darf nur Worte aus Großbuchstaben und Ziffer enthalten, die mittels eines Leerzeichens getrennt werden.',
'squid fix cache' => 'Zwischenspeicher reparieren',
-%tr = (
+%tr = (
%tr,
'24 hours' => '24 Hours',
'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"',
'drop action2' => 'Default behaviour of (input) firewall',
'drop forward' => 'Log dropped forward packets',
+'drop hostile' => 'Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.)',
'drop input' => 'Log dropped input packets',
'drop newnotsyn' => 'Log dropped new not SYN packets',
'drop outgoing' => 'Log dropped outgoing packets',
'drop portscan' => 'Log dropped portscan packets',
'drop proxy' => 'Drop all packets not addressed to proxy',
'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025',
+'drop spoofed martians' => 'Log dropped spoofed packets and marsians',
'drop wirelessforward' => 'Log dropped wireless forward packets',
'drop wirelessinput' => 'Log dropped wireless input packets',
'dst port' => 'Dst Port',
'fw settings dropdown' => 'Show all networks on rulecreation site',
'fw settings remark' => 'Show remarks in ruletable',
'fw settings ruletable' => 'Show empty ruletables',
+'fw red' => 'Firewall options for RED interface',
'fwdfw ACCEPT' => 'ACCEPT',
'fwdfw DROP' => 'DROP',
'fwdfw MODE1' => 'Drop all packets',
'host deny' => 'list with denied hosts',
'host ip' => 'Host IP address',
'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)',
+'hostile networks' => 'Hostile networks',
'hostname' => 'Hostname',
'hostname and domain already in use' => 'Hostname and domain already in use.',
'hostname cant be empty' => 'Hostname cannot be empty.',
'idle' => 'Idle',
'idle timeout' => 'Idle timeout (mins; 0 to disable):',
'idle timeout not set' => 'Idle timeout not set.',
+'ids add provider' => 'Add provider',
'ids apply' => 'Apply',
'ids apply ruleset changes' => 'The ruleset changes are being applied. Please wait until all operations have completed successfully...',
+'ids autoupdates' => 'Automatic updates',
'ids automatic rules update' => 'Automatic Rule Update',
+'ids could not add provider' => 'Could not add provider',
+'ids customize ruleset' => 'Customize ruleset',
'ids download new ruleset' => 'Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...',
'ids enable' => 'Enable Intrusion Prevention System',
+'ids enable automatic updates' => 'Enable automatic updates',
+'ids force ruleset update' => 'Force ruleset update',
'ids hide' => 'Hide',
'ids ignored hosts' => 'Whitelisted Hosts',
'ids log hits' => 'Total of number of activated rules for',
'ids monitor traffic only' => 'Monitor traffic only',
'ids monitored interfaces' => 'Monitored Interfaces',
'ids no network zone' => 'Please select at least one network zone to be monitored',
-'ids no ruleset available' => 'No ruleset is available. Please download one first',
-'ids oinkcode required' => 'The selected ruleset requires a subscription or an Oinkcode',
+'ids no enabled ruleset provider' => 'No enabled ruleset is available. Please activate or add one first.',
+'ids subscription code required' => 'The selected ruleset requires a subscription code',
+'ids provider' => 'Provider',
+'ids provider settings' => 'Provider settings',
+'ids reset provider' => 'Reset provider',
'ids rules update' => 'Ruleset',
'ids ruleset autoupdate in progress' => 'Ruleset update in progress. Please wait until all operations have completed successfully...',
'ids ruleset settings' => 'Ruleset Settings',
'ids show' => 'Show',
+'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
+'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids visit provider website' => 'Visit provider website',
'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
'iface' => 'Iface',
'ignore filter' => 'Ignore filter',
'invalid input for max clients' => 'Invalid input for Max Clients. The maximum of 1024 clients has been exceeded',
'invalid input for mode' => 'Invalid input for mode',
'invalid input for name' => 'Invalid input for user\'s full name or system hostname',
-'invalid input for oink code' => 'Invalid input for Oink code',
+'invalid input for subscription code' => 'Invalid input for subscription code',
'invalid input for organization' => 'Invalid input for organization',
'invalid input for remote host/ip' => 'Invalid input for remote host/ip.',
'invalid input for state or province' => 'Invalid input for state or province.',
'pakfire configuration' => 'Pakfire Configuration',
'pakfire core update auto' => 'Install core and addon updates automatically:',
'pakfire core update level' => 'Core-Update-Level',
+'pakfire finished' => 'Pakfire has finished! Returning...',
+'pakfire finished error' => 'Pakfire has finished! Errors occurred, please check the log output before proceeding.',
'pakfire health check' => 'Check if mirror is reachable (ping):',
'pakfire install description' => 'Please choose one or more items from the list below and click the plus to install.',
'pakfire install package' => 'You want to install the following packages: ',
'pakfire last update' => 'Last update made',
'pakfire possible dependency' => ' There may be depending packages, here is a list of packages that need to be installed.',
'pakfire register' => 'Register at pakfire-server:',
+'pakfire return' => 'Return to Pakfire',
'pakfire system state' => 'System Status',
'pakfire tree' => 'Repository',
'pakfire tree stable' => 'Stable',
'spectre variant 1' => 'Spectre Variant 1',
'spectre variant 2' => 'Spectre Variant 2',
'spectre variant 4' => 'Spectre Variant 4',
+'spoofed or martians' => 'Spoofed/Martians',
'squid extension methods' => 'Your <tt>extension_methods</tt> list',
'squid extension methods invalid' => 'Your \'extension_methods\' list can only contain uppercase words of letters and digits, separated with a space. ',
'squid fix cache' => 'Repair cache',
'subnet is invalid' => 'Netmask is invalid',
'subnet mask' => 'Subnet Mask',
'subscripted user rules' => 'Talos VRT rules with subscription',
+'subscription code' => 'Subscription code',
'successfully refreshed updates list' => 'Successfully refreshed updates list.',
'summaries kept' => 'Keep summaries for',
'sunday' => 'Sunday',
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 0.104.1
+VER = 0.104.2
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 58
+PAK_VER = 59
DEPS =
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 49b9bb94d5b2cafc761f8fbe660d3bfa
+$(DL_FILE)_MD5 = ad099675f2c09c07850e36496b06c552
install : $(TARGET)
echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings
echo "01" > $(CONFIG_ROOT)/certs/serial
echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf
- echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings
echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPSPOOFEDMARTIAN=on" >> $(CONFIG_ROOT)/optionsfw/settings
+ echo "DROPHOSTILE=on" >> $(CONFIG_ROOT)/optionsfw/settings
echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings
# Install snort to suricata converter.
cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort
cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/convert-ids-modifysids-file
+ cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers
# set converters executable
chmod 755 /usr/sbin/convert-*
include Config
-VER = 2.4.1
+VER = 2.4.2
THISAPP = expat-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 476cdf4b5e40280316fff36b2086a390
+$(DL_FILE)_MD5 = 58780ad6944d02f6cf6ba332838694b2
install : $(TARGET)
include Config
-VER = 2.11.0
+VER = 2.11.1
THISAPP = freetype-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f931582653774e310ed3a7e49b7167a3
+$(DL_FILE)_MD5 = 24e79233d607ded439ef36ff1f3ab68f
install : $(TARGET)
include Config
-VER = 1.8.3
+VER = 1.20
THISAPP = gdbm-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1d1b1d5c0245b1c00aff92da751e9aa1
+$(DL_FILE)_MD5 = 006c19b8b60828fd6916a16f3496bd3c
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-nls \
+ --disable-static
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make BINOWN=root BINGRP=root install
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-nls \
+ --disable-static \
+ --enable-libgdbm-compat
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make BINOWN=root BINGRP=root install
- cd $(DIR_APP) && make BINOWN=root BINGRP=root install-compat
@rm -rf $(DIR_APP)
@$(POSTBUILD)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 9.55
+VER = 9.63
THISAPP = hdparm-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = adae46e9564075ae288af8082d5ad9fd
+$(DL_FILE)_MD5 = cea97ea2aa164f66817adc98c6814280
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 28
+VER = 29
THISAPP = kmod-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0a2b887b1b3dfb8c0b3f41f598203e56
+$(DL_FILE)_MD5 = e81e63acd80697d001c8d85c1acb38a0
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.0.23
+VER = 1.0.24
THISAPP = libusb-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1e29700f6a134766d32b36b8d1d61a95
+$(DL_FILE)_MD5 = 5bc27df16155302f308d409e73589872
install : $(TARGET)
include Config
-VER = 6.5.0
+VER = 7.10.0
THISAPP = libvirt-$(VER)
DL_FILE = $(THISAPP).tar.xz
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64
PROG = libvirt
-PAK_VER = 26
+PAK_VER = 27
DEPS = ebtables libpciaccess libtirpc libyajl ncat qemu
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 19ea5c0d18bed1515c23a9e9c7427dc0
+$(DL_FILE)_MD5 = 435d27a73b25c936e0451cc4397ab986
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch
- mkdir -p -v $(DIR_APP)/build_libvirt && cd $(DIR_APP)/build_libvirt
-
- cd $(DIR_APP)/build_libvirt && ../autogen.sh --no-git
-
- cd $(DIR_APP)/build_libvirt && ../configure \
+ cd $(DIR_APP) && meson \
--prefix=/usr \
--localstatedir=/var \
--sysconfdir=/etc \
- --without-sasl \
- --without-vbox \
- --without-lxc \
- --without-esx \
- --without-vmware \
- --without-openvz \
- --without-firewalld \
- --without-network \
- --with-interface \
- --with-virtualport \
- --with-macvtap \
- --without-wireshark-dissector \
- --disable-nls \
- --without-test-suite \
- --without-dbus \
- --with-qemu-user=nobody \
- --with-qemu-group=kvm \
- --with-storage-dir \
- --with-storage-fs \
- --with-storage-lvm \
- --without-storage-iscsi \
- --without-storage-scsi \
- --without-storage-mpath \
- --without-storage-disk \
- --without-storage-rbd \
- --without-storage-sheepdog \
- --without-storage-gluster \
- --without-storage-zfs
-
- cd $(DIR_APP)/build_libvirt && make $(MAKETUNING) $(EXTRA_MAKE)
- cd $(DIR_APP)/build_libvirt && make install
+ -D docs=disabled \
+ -D sasl=disabled \
+ -D driver_vbox=disabled \
+ -D driver_lxc=disabled \
+ -D driver_esx=disabled \
+ -D driver_vmware=disabled \
+ -D driver_openvz=disabled \
+ -D firewalld=disabled \
+ -D driver_network=disabled \
+ -D driver_interface=enabled \
+ -D wireshark_dissector=disabled \
+ -D nls=disabled \
+ -D tests=disabled \
+ -D qemu_user=nobody \
+ -D qemu_group=kvm \
+ -D storage_dir=enabled \
+ -D storage_fs=enabled \
+ -D storage_lvm=enabled \
+ -D storage_iscsi=disabled \
+ -D storage_scsi=disabled \
+ -D storage_mpath=disabled \
+ -D storage_disk=disabled \
+ -D storage_rbd=disabled \
+ -D storage_sheepdog=disabled \
+ -D storage_gluster=disabled \
+ -D storage_zfs=disabled \
+ builddir/
+ cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && ninja -C builddir/ install
#install initscripts
$(call INSTALL_INITSCRIPT,libvirtd)
include Config
-VER = 2.9.10
+VER = 2.9.12
THISAPP = libxml2-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 10942a1dc23137a8aa07f0639cbfece5
+$(DL_FILE)_MD5 = f433a39be087a9f0b197eb2307ad9f75
install : $(TARGET)
include Config
-VER = 1.1.28
+VER = 1.1.34
THISAPP = libxslt-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9667bf6f9310b957254fdcf6596600b7
+$(DL_FILE)_MD5 = db8765c8d076f1b6caafd9f2542a304a
install : $(TARGET)
include Config
-VER = 2.02.187
+VER = 2.02.188
THISAPP = LVM2.$(VER)
DL_FILE = $(THISAPP).tgz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7941cbe16126ef334b4aa8fcb5c985b5
+$(DL_FILE)_MD5 = 6f942117cad9c18b0e38af08b72d86b6
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 5.29.0
+VER = 5.30.0
THISAPP = monit-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = monit
-PAK_VER = 16
+PAK_VER = 17
DEPS =
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a0546d0d52216b22ebd57acc0bb1e03
+$(DL_FILE)_MD5 = d1a1b2349e8d0f833b3057c7b102b09d
install : $(TARGET)
include Config
-VER = 10.37
+VER = 10.39
THISAPP = pcre2-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a0b59d89828f62d2e1caac04f7c51e0b
+$(DL_FILE)_MD5 = 7389e3524de2cda3d21fde8c224febf1
install : $(TARGET)
include Config
-VER = 5.803
+VER = 6.60
THISAPP = libwww-perl-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3345d5f15a4f42350847254141725c8f
+$(DL_FILE)_MD5 = ce5180358d9279b2843a6518bf2de200
install : $(TARGET)
include Config
-VER = 0.4.10
+VER = 0.4.11
THISAPP = poppler-data-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a7f15fb2f26c60a7a92093cfdf2378d5
+$(DL_FILE)_MD5 = 506eeed773f3ed8684d8c45961c025d4
install : $(TARGET)
include Config
-VER = 56.2.0
+VER = 58.0.4
THISAPP = setuptools-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = python3-setuptools
-PAK_VER = 3
+PAK_VER = 4
DEPS =
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e8caf0f129f585a887bb3cbb528149d1
+$(DL_FILE)_MD5 = 17245af34e1a7d54976bca8c1bf092b7
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 4.16
+VER = 5.2
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d200064f7050969680f628d26b8c704d
+$(DL_FILE)_MD5 = 102984f3ea382a1fa5bd917c2ee155ec
install : $(TARGET)
--enable-icap-client \
--enable-zph-qos \
--with-dl \
- --with-filedescriptors=$$(( 16384 * 64 )) \
--with-large-files \
--without-gnutls \
--without-netfilter-conntrack
# Install yaml file for loading default rules.
install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
+ # Set correct ownership for the default rules file.
+ chown nobody:nobody /var/ipfire/suricata/suricata-default-rules.yaml
+
# Create emtpy rules directory.
-mkdir -p /var/lib/suricata
# Move config files for references, threshold and classification
# to the rules directory.
- mv /etc/suricata/*.config /var/lib/suricata
+ rm -rfv /etc/suricata/*.config
- # Set correct permissions for the files.
- chmod 644 /var/lib/suricata/*.config
+ # Set correct ownership for the classifiction config file.
+ # (File has to be writeable for the nobody user)
+ chown nobody:nobody /usr/share/suricata/classification.config
# Set correct ownership for /var/lib/suricata and the
# contained files
include Config
-VER = 8.6.11
+VER = 8.6.12
THISAPP = tcl$(VER)
DL_FILE = $(THISAPP)-src.tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a4c004f48984a03a7747e9ba06e4da4
+$(DL_FILE)_MD5 = 87ea890821d2221f2ab5157bc5eb885f
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 007
+VER = 013
THISAPP = usbutils-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c9df5107ae9d26b10a1736a261250139
+$(DL_FILE)_MD5 = 91b0c9a3382d6f4c382df7a98462de2e
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
+ cd $(DIR_APP) && ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr \
--datadir=/usr/share/hwdata \
--disable-zlib
include Config
-VER = 1.5.0
+VER = 1.5.1
THISAPP = zstd-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a6eb7fb1f2c21fa80030a47993853e92
+$(DL_FILE)_MD5 = b97d53547220355907dedec7de9a4f29
install : $(TARGET)
SNAME="ipfire" # Short name
# If you update the version don't forget to update backupiso and add it to core update
VERSION="2.27" # Version number
-CORE="163" # Core Level (Filename)
+CORE="164" # Core Level (Filename)
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
MAX_RETRIES=1 # prefetch/check loop
lfsmake2 Digest
lfsmake2 Digest-SHA1
lfsmake2 Digest-HMAC
- lfsmake2 libwww-perl
+ lfsmake2 perl-libwww
lfsmake2 Net-DNS
lfsmake2 Net-IPv4Addr
lfsmake2 Net_SSLeay
fi
;;
*)
- echo "Usage: $0 {build|changelog|clean|gettoolchain|downloadsrc|shell|sync|toolchain|update-contributors|find-dependencies|check-manualpages}"
+ echo "Usage: $0 [OPTIONS] {build|changelog|clean|gettoolchain|downloadsrc|shell|sync|toolchain|update-contributors|find-dependencies|check-manualpages}"
cat doc/make.sh-usage
;;
esac
fi
iptables -A NEWNOTSYN -j DROP -m comment --comment "DROP_NEWNOTSYN"
+ # Log and subsequently drop spoofed packets or "martians", arriving from sources
+ # on interfaces where we don't expect them
+ iptables -N SPOOFED_MARTIAN
+ if [ "$DROPSPOOFEDMARTIAN" == "on" ]; then
+ iptables -A SPOOFED_MARTIAN -m limit --limit 10/second -j LOG --log-prefix "DROP_SPOOFED_MARTIAN "
+ fi
+ iptables -A SPOOFED_MARTIAN -j DROP -m comment --comment "DROP_SPOOFED_MARTIAN"
+
# Chain to contain all the rules relating to bad TCP flags
iptables -N BADTCP
# Connection tracking chains
iptables -N CONNTRACK
iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED -j ACCEPT
- iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP
+ iptables -A CONNTRACK -m conntrack --ctstate INVALID -j LOG_DROP
iptables -A CONNTRACK -p icmp -m conntrack --ctstate RELATED -j ACCEPT
# Restore any connection marks
iptables -t nat -N CUSTOMPOSTROUTING
iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+ # Log and drop any traffic from and to networks known as being hostile, posing
+ # a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
+ if [ "$DROPHOSTILE" == "on" ]; then
+ iptables -N DROP_HOSTILE
+ iptables -A DROP_HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+
+ iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
+ iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
+ iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE
+ iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
+
+ iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
+ fi
+
# P2PBLOCK
iptables -N P2PBLOCK
iptables -A INPUT -j P2PBLOCK
iptables -A FORWARD -j P2PBLOCK
iptables -A OUTPUT -j P2PBLOCK
-
+
# IPS (Guardian) chains
iptables -N GUARDIAN
iptables -A INPUT -j GUARDIAN
iptables -A INPUT -j ICMPINPUT
iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
- # Accept everything on loopback
+ # Accept everything on loopback if source/destination is loopback space...
iptables -N LOOPBACK
- iptables -A LOOPBACK -i lo -j ACCEPT
- iptables -A LOOPBACK -o lo -j ACCEPT
+ iptables -A LOOPBACK -i lo -s 127.0.0.0/8 -j ACCEPT
+ iptables -A LOOPBACK -o lo -d 127.0.0.0/8 -j ACCEPT
- # Filter all packets with loopback addresses on non-loopback interfaces.
- iptables -A LOOPBACK -s 127.0.0.0/8 -j DROP
- iptables -A LOOPBACK -d 127.0.0.0/8 -j DROP
+ # ... and drop everything else on the loopback interface, since no other traffic should appear there
+ iptables -A LOOPBACK -i lo -j SPOOFED_MARTIAN
+ iptables -A LOOPBACK -o lo -j SPOOFED_MARTIAN
+
+ # Filter all packets with loopback addresses on non-loopback interfaces (spoofed)
+ iptables -A LOOPBACK -s 127.0.0.0/8 -j SPOOFED_MARTIAN
+ iptables -A LOOPBACK -d 127.0.0.0/8 -j SPOOFED_MARTIAN
for i in INPUT FORWARD OUTPUT; do
iptables -A ${i} -j LOOPBACK
iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
fi
+ # Tor (inbound)
+ iptables -N TOR_INPUT
+ iptables -A INPUT -j TOR_INPUT
+
# Location Block
iptables -N LOCATIONBLOCK
iptables -A INPUT -j LOCATIONBLOCK
iptables -N OVPNINPUT
iptables -A INPUT -j OVPNINPUT
- # Tor (inbound and outbound)
- iptables -N TOR_INPUT
- iptables -A INPUT -j TOR_INPUT
+ # Tor (outbound)
iptables -N TOR_OUTPUT
iptables -A OUTPUT -j TOR_OUTPUT
-
+
# Jump into the actual firewall ruleset.
iptables -N INPUTFW
iptables -A INPUT -j INPUTFW
iptables -F REDFORWARD
iptables -t nat -F REDNAT
+ # Prohibit spoofing our own IP address on RED
+ if [ -f /var/ipfire/red/active ]; then
+ REDIP="$( cat /var/ipfire/red/local-ipaddress )";
+
+ if [ "$IFACE" != "" ]; then
+ iptables -A REDINPUT -s $REDIP -i $IFACE -j SPOOFED_MARTIAN
+ elif [ "$DEVICE" != "" ]; then
+ iptables -A REDINPUT -s $REDIP -i $DEVICE -j SPOOFED_MARTIAN
+ fi
+ fi
+
# PPPoE / PPTP Device
if [ "$IFACE" != "" ]; then
# PPPoE / PPTP
case "$1" in
start)
+ ulimit -n 32768
getpids "squid"
if [ -n "${pidlist}" ]; then
-From a50fa0195e36773d57593006152828ce2c0523fd Mon Sep 17 00:00:00 2001
-From: Jonatan Schlag <jonatan.schlag@ipfire.org>
-Date: Fri, 6 May 2016 11:38:08 +0200
-Subject: [PATCH] Change default behavior of libvirt-guests.sh for IPFire
-
-Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
----
- tools/libvirt-guests.sh.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index 7f74b85..87aceb7 100644
---- a/tools/libvirt-guests.sh.in
-+++ b/tools/libvirt-guests.sh.in
-@@ -30,9 +30,9 @@ test ! -r "$sysconfdir"/rc.d/init.d/functions ||
+--- libvirt-7.10.0/tools/libvirt-guests.sh.in.orig 2021-12-01 10:51:11.942943000 +0100
++++ libvirt-7.10.0/tools/libvirt-guests.sh.in 2022-01-11 12:32:37.765715377 +0100
+@@ -30,9 +30,9 @@
export TEXTDOMAIN="@PACKAGE@" TEXTDOMAINDIR="@localedir@"
--URIS=default
--ON_BOOT=start
--ON_SHUTDOWN=suspend
-+URIS=qemu:///system
-+ON_BOOT=ignore
-+ON_SHUTDOWN=shutdown
+-URIS="default"
+-ON_BOOT="start"
+-ON_SHUTDOWN="suspend"
++URIS="qemu:///system"
++ON_BOOT="ignore"
++ON_SHUTDOWN="shutdown"
SHUTDOWN_TIMEOUT=300
PARALLEL_SHUTDOWN=0
START_DELAY=0
---
-2.1.4
-
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2018-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";
+# Hash to store the configured providers.
+my %providers = ();
+
# The user and group name as which this script should be run.
my $run_as = 'nobody';
POSIX::setuid( $uid );
}
+# Check if the IDS lock file exists.
+# In this case the WUI or another instance currently is altering the
+# ruleset.
+if (-f "$IDS::ids_page_lock_file") {
+ # Store notice to the syslog.
+ &IDS::_log_to_syslog("Another process currently is altering the IDS ruleset.");
+
+ # Exit.
+ exit 0;
+}
+
# Check if the red device is active.
unless (-e "${General::swroot}/red/active") {
# Store notice in the syslog.
# Lock the IDS page.
&IDS::lock_ids_page();
-# Call the download function and gather the new ruleset.
-if(&IDS::downloadruleset()) {
- # Store error message for displaying in the WUI.
- &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+# Grab the configured providers.
+&General::readhasharray("$IDS::providers_settings_file", \%providers);
- # Unlock the IDS page.
- &IDS::unlock_ids_page();
+# Loop through the array of available providers.
+foreach my $id (keys %providers) {
+ # Assign some nice variabled.
+ my $provider = $providers{$id}[0];
+ my $autoupdate_status = $providers{$id}[3];
- # Exit.
- exit 0;
-}
+ # Skip the provider if autoupdate is not enabled.
+ next unless($autoupdate_status eq "enabled");
+
+ # Call the download function and gather the new ruleset for the current processed provider.
+ if(&IDS::downloadruleset($provider)) {
+ # Store error message for displaying in the WUI.
+ &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}");
+
+ # Unlock the IDS page.
+ &IDS::unlock_ids_page();
-# Set correct ownership for the downloaded tarball.
-&IDS::set_ownership("$IDS::rulestarball");
+ # Exit.
+ exit 0;
+ }
+
+ # Get path and name of the stored rules file or archive.
+ my $stored_file = &IDS::_get_dl_rulesfile($provider);
+
+ # Set correct ownership for the downloaded tarball.
+ &IDS::set_ownership("$stored_file");
+}
# Call oinkmaster to alter the ruleset.
&IDS::oinkmaster();
projects / people / pmueller / ipfire-2.x.git / commitdiff
