From 65871d1a0c97823a3f47184b533154a6daebd625 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 20 May 2019 21:17:17 +0100 Subject: [PATCH] Add new CGI file to show CPU vulnerability status This is supposed to help users to have an idea about the status of the used hardware. Additionally, it allows users to enable/disable SMT. Signed-off-by: Michael Tremer --- doc/language_issues.de | 15 +++ doc/language_issues.en | 17 ++- doc/language_issues.es | 17 ++- doc/language_issues.fr | 15 +++ doc/language_issues.it | 17 ++- doc/language_issues.nl | 17 ++- doc/language_issues.pl | 17 ++- doc/language_issues.ru | 17 ++- doc/language_issues.tr | 15 +++ doc/language_missings | 125 ++++++++++++++++++++- html/cgi-bin/security.cgi | 224 ++++++++++++++++++++++++++++++++++++++ langs/en/cgi-bin/en.pl | 16 ++- 12 files changed, 500 insertions(+), 12 deletions(-) create mode 100644 html/cgi-bin/security.cgi diff --git a/doc/language_issues.de b/doc/language_issues.de index 6bc94f7984..9a02fb2899 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -752,10 +752,15 @@ WARNING: untranslated string: Scan for Songs = unknown string WARNING: untranslated string: addons = Addons WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: community rules = Snort/VRT GPLv2 Community Rules +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian = Guardian @@ -794,10 +799,20 @@ WARNING: untranslated string: ids show = Show WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: interface mode = Interface +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: show tls-auth key = Show tls-auth key +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: vpn statistics n2n = unknown string +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable diff --git a/doc/language_issues.en b/doc/language_issues.en index 9d1c36b35d..f5a448bbf6 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -5,7 +5,7 @@ WARNING: untranslated string: Add Port Rule = Add port rule WARNING: untranslated string: Add Rule = Add rule WARNING: untranslated string: Add a route = Add a route WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -526,6 +526,7 @@ WARNING: untranslated string: current fixed leases = Current fixed leases WARNING: untranslated string: current hosts = Current hosts WARNING: untranslated string: current playlist = Current Playlist WARNING: untranslated string: current rules = Current rules: +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: date = Date WARNING: untranslated string: date not in logs = No (or only partial) logs exist for the day queried WARNING: untranslated string: day = Day @@ -719,6 +720,7 @@ WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rul WARNING: untranslated string: empty = This field may be left blank WARNING: untranslated string: empty profile = empty WARNING: untranslated string: enable ignore filter = Enable ignore filter +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: enabled = Enabled: WARNING: untranslated string: enabled on = Enabled on WARNING: untranslated string: encapsulation = Encapsulation @@ -745,6 +747,7 @@ WARNING: untranslated string: extrahd maybe the device is in use = . Maybe the d WARNING: untranslated string: extrahd to = to WARNING: untranslated string: extrahd to root = to root WARNING: untranslated string: extrahd you cant mount = You can't mount +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: false classnumber = The Class-Number does not match the interface. WARNING: untranslated string: false max bandwith = Maximum bandwith is false. WARNING: untranslated string: false min bandwith = Minimum bandwith is false. @@ -791,7 +794,9 @@ WARNING: untranslated string: fixed ip lease added = Fixed IP lease added WARNING: untranslated string: fixed ip lease modified = Fixed IP lease modified WARNING: untranslated string: fixed ip lease removed = Fixed IP lease removed WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced WARNING: untranslated string: force user = force all new file to user +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: free = Free WARNING: untranslated string: free memory = Free Memory @@ -1257,6 +1262,7 @@ WARNING: untranslated string: meaning = meaning WARNING: untranslated string: media = Media WARNING: untranslated string: media information = Media information WARNING: untranslated string: medium = Medium +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: memory = Memory WARNING: untranslated string: memory information = Memory information WARNING: untranslated string: memory usage per = Memory Usage per @@ -1269,6 +1275,7 @@ WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute WARNING: untranslated string: minutes = Minutes WARNING: untranslated string: misc-options = Miscellaneous options +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mode = Mode WARNING: untranslated string: model = Model WARNING: untranslated string: modem = Modem @@ -1336,6 +1343,7 @@ WARNING: untranslated string: none = none WARNING: untranslated string: none found = none found WARNING: untranslated string: not a valid ca certificate = Not a valid CA certificate. WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: not enough disk space = Not enough disk space WARNING: untranslated string: not present = Not present WARNING: untranslated string: not running = not running @@ -1460,6 +1468,7 @@ WARNING: untranslated string: persistent = Persistent WARNING: untranslated string: pfs yes no = Perfect Forward Secrecy (PFS) WARNING: untranslated string: pkcs12 file password = PKCS12 File Password WARNING: untranslated string: play = Play +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: policy = Policy WARNING: untranslated string: port = Port WARNING: untranslated string: portscans = portscancs @@ -1482,6 +1491,7 @@ WARNING: untranslated string: printing = Printing WARNING: untranslated string: printing options = printing options WARNING: untranslated string: priority = Priority WARNING: untranslated string: processes = Processes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: profile = Profile WARNING: untranslated string: profile deleted = Profile deleted: WARNING: untranslated string: profile has errors = Profile has errors @@ -1634,6 +1644,9 @@ WARNING: untranslated string: source port = Source port WARNING: untranslated string: source port numbers = Source port must be a valid port number or port range. WARNING: untranslated string: speaker off = Speaker off: WARNING: untranslated string: speaker on = Speaker on: +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: src port = Src Port WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh access = SSH Access @@ -2094,6 +2107,8 @@ WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn subjectaltname = Subject Alt Name WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: waiting to synchronize clock = Waiting to synchronize clock WARNING: untranslated string: warning messages = Warning messages WARNING: untranslated string: was deleted = was deleted diff --git a/doc/language_issues.es b/doc/language_issues.es index 2ffea2f43e..7eecf5bb0b 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -664,7 +664,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -782,6 +782,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -843,9 +844,11 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: fireinfo ipfire version = IPFire version WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled @@ -875,6 +878,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1124,9 +1129,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1147,6 +1154,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1189,9 +1197,11 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1216,6 +1226,9 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1311,6 +1324,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 950e4713d5..1d034ff35f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -794,8 +794,13 @@ WARNING: untranslated string: advproxy wpad notice = Notice: For WPAD/PAC to wor WARNING: untranslated string: advproxy wpad title = Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC) WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: generate ptr = Generate PTR @@ -847,18 +852,28 @@ WARNING: untranslated string: ids show = Show WARNING: untranslated string: ids working = Changes are being applied. Please wait until all operations have completed successfully... WARNING: untranslated string: ike lifetime should be between 1 and 8 hours = unknown string WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: system is offline = The system is offline. WARNING: untranslated string: update ruleset = Update ruleset WARNING: untranslated string: vpn statistics n2n = unknown string +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.it b/doc/language_issues.it index 3acfd5ba9c..27b33fdae5 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -754,7 +754,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -813,6 +813,7 @@ WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: check all = Check all WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136): WARNING: untranslated string: dhcp dns key name = Key Name @@ -843,6 +844,8 @@ WARNING: untranslated string: email testmail = Send test mail WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -851,6 +854,8 @@ WARNING: untranslated string: firewall log country = Firewall log (Country) WARNING: untranslated string: firewall log ip = Firewall log (IP) WARNING: untranslated string: firewall log port = Firewall log (Port) WARNING: untranslated string: five minutes = 5 Minutes +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections @@ -950,10 +955,13 @@ WARNING: untranslated string: masquerade orange = Masquerade ORANGE WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mtu = MTU WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week @@ -965,9 +973,11 @@ WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore.
Please update to the latest IPFire version and generate a new root and host certificate.

All OpenVPN clients needs then to be renewed!
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: required field = Required field @@ -978,6 +988,9 @@ WARNING: untranslated string: routing table = unknown string WARNING: untranslated string: samba join a domain = Join a domain WARNING: untranslated string: samba join domain = Join domain WARNING: untranslated string: search = Search +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -1012,6 +1025,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity WARNING: untranslated string: wlan client auth auto = Auto diff --git a/doc/language_issues.nl b/doc/language_issues.nl index ac0093776e..6d8fabebdf 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -748,7 +748,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -809,6 +809,7 @@ WARNING: untranslated string: capabilities = Capabilities WARNING: untranslated string: check all = Check all WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dh = Diffie-Hellman parameters @@ -852,6 +853,8 @@ WARNING: untranslated string: email testmail = Send test mail WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -861,6 +864,8 @@ WARNING: untranslated string: firewall log ip = Firewall log (IP) WARNING: untranslated string: firewall log port = Firewall log (Port) WARNING: untranslated string: firewall logs country = Fw-Loggraphs (Country) WARNING: untranslated string: five minutes = 5 Minutes +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwdfw err concon = Invalid number for concurrent connections @@ -963,7 +968,9 @@ WARNING: untranslated string: masquerade orange = Masquerade ORANGE WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -983,6 +990,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month WARNING: untranslated string: one week = One Week @@ -1001,9 +1009,11 @@ WARNING: untranslated string: ovpn generating the root and host certificates = G WARNING: untranslated string: ovpn ha = Hash algorithm WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: random number generator daemon = Random Number Generator Daemon WARNING: untranslated string: rdns = rDNS @@ -1019,6 +1029,9 @@ WARNING: untranslated string: show dh = Show Diffie-Hellman parameters WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -1056,6 +1069,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client anonymous identity = Anonymous Identity WARNING: untranslated string: wlan client auth auto = Auto diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2ffea2f43e..7eecf5bb0b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -664,7 +664,7 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -782,6 +782,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -843,9 +844,11 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: fireinfo ipfire version = IPFire version WARNING: untranslated string: fireinfo is disabled = Fireinfo is disabled @@ -875,6 +878,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1124,9 +1129,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1147,6 +1154,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1189,9 +1197,11 @@ WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is no WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. WARNING: untranslated string: pakfire ago = ago. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1216,6 +1226,9 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1311,6 +1324,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 8923c2705b..8048df540a 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -666,7 +666,7 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: 24 hours = 24 Hours WARNING: untranslated string: Add a route = Add a route WARNING: untranslated string: Captive = Captive Portal -WARNING: untranslated string: Captive ACTIVATE = ACTIVATE +WARNING: untranslated string: Captive ACTIVATE = unknown string WARNING: untranslated string: Captive GAIN ACCESS = GAIN ACCESS WARNING: untranslated string: Captive WiFi coupon = WiFi Coupon WARNING: untranslated string: Captive activated = Activated @@ -785,6 +785,7 @@ WARNING: untranslated string: country codes and flags = Country Codes and Flags: WARNING: untranslated string: countrycode = Code WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: dead peer detection = Dead Peer Detection WARNING: untranslated string: default = Default WARNING: untranslated string: default IP address = Default IP Address @@ -847,6 +848,7 @@ WARNING: untranslated string: email tls = Use TLS WARNING: untranslated string: email usemail = Activate Mail Service WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules WARNING: untranslated string: emerging rules = Emergingthreats.net Community Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) WARNING: untranslated string: encryption = Encryption: WARNING: untranslated string: entropy = Entropy WARNING: untranslated string: entropy graphs = Entropy Graphs @@ -857,6 +859,7 @@ WARNING: untranslated string: extrahd maybe the device is in use = . Maybe the d WARNING: untranslated string: extrahd to = to WARNING: untranslated string: extrahd to root = to root WARNING: untranslated string: extrahd you cant mount = You can't mount +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL WARNING: untranslated string: fifteen minutes = 15 Minutes WARNING: untranslated string: firewall graph country = Firewall-Diagram (Country) WARNING: untranslated string: firewall graph ip = Firewall-Diagram (IP) @@ -869,6 +872,8 @@ WARNING: untranslated string: firewall rules = Firewall Rules WARNING: untranslated string: first = First WARNING: untranslated string: five minutes = 5 Minutes WARNING: untranslated string: flag = Flag +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: four hours = 4 Hours WARNING: untranslated string: fw default drop = Firewall policy WARNING: untranslated string: fw settings = Firewall settings @@ -1126,9 +1131,11 @@ WARNING: untranslated string: masquerading = Masquerading WARNING: untranslated string: masquerading disabled = Masquerading disabled WARNING: untranslated string: masquerading enabled = Masquerading enabled WARNING: untranslated string: maximum = Maximum +WARNING: untranslated string: meltdown = Meltdown WARNING: untranslated string: messages = Messages WARNING: untranslated string: minimum = Minimum WARNING: untranslated string: minute = Minute +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: model = Model WARNING: untranslated string: modem hardware details = Modem Hardware WARNING: untranslated string: modem information = Modem Information @@ -1149,6 +1156,7 @@ WARNING: untranslated string: nameserver = Nameserver WARNING: untranslated string: no data = unknown string WARNING: untranslated string: none = none WARNING: untranslated string: not a valid dh key = Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format. +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: notice = Notice WARNING: untranslated string: one hour = One Hour WARNING: untranslated string: one month = One Month @@ -1185,9 +1193,11 @@ WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
WARNING: untranslated string: p2p block = P2P networks WARNING: untranslated string: p2p block save notice = Please reload the firewall ruleset in order to apply your changes. +WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: pptp netconfig = My Net Config WARNING: untranslated string: pptp peer = Peer WARNING: untranslated string: pptp route = PPTP Route +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: proxy reports = Proxy Reports WARNING: untranslated string: proxy reports daily = Daily reports WARNING: untranslated string: proxy reports monthly = Monthly reports @@ -1212,6 +1222,9 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: snat new source ip address = New source IP address WARNING: untranslated string: software version = Software Version WARNING: untranslated string: source ip country = Source IP Country +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh = SSH WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding @@ -1306,6 +1319,8 @@ WARNING: untranslated string: vpn statistic rw = VPN: Roadwarrior Statistics WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vpn weak = Weak +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wireless network = WiFi Network WARNING: untranslated string: wlan client = Wireless client WARNING: untranslated string: wlan client advanced settings = Advanced settings diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 42c7811bf2..c594b16522 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -796,12 +796,17 @@ WARNING: untranslated string: advproxy wpad view pac = Open PAC File WARNING: untranslated string: bytes = unknown string WARNING: untranslated string: crypto error = Cryptographic error WARNING: untranslated string: crypto warning = Cryptographic warning +WARNING: untranslated string: dangerous = Dangerous WARNING: untranslated string: default IP address = Default IP Address WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dnsforward dnssec disabled = DNSSEC Validation is disabled WARNING: untranslated string: dnsforward forward_servers = Nameservers WARNING: untranslated string: emerging pro rules = Emergingthreats.net Pro Rules +WARNING: untranslated string: enable smt = Enable Simultaneous Multi-Threading (SMT) +WARNING: untranslated string: fallout zombieload ridl = Fallout/ZombieLoad/RIDL +WARNING: untranslated string: force enable = Forced +WARNING: untranslated string: foreshadow = Foreshadow WARNING: untranslated string: fwdfw all subnets = All subnets WARNING: untranslated string: fwhost cust geoipgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string @@ -869,17 +874,25 @@ WARNING: untranslated string: ipsec mode transport = Transport WARNING: untranslated string: ipsec mode tunnel = Tunnel WARNING: untranslated string: ipsec settings = IPsec Settings WARNING: untranslated string: local ip address = Local IP Address +WARNING: untranslated string: meltdown = Meltdown +WARNING: untranslated string: mitigated = Mitigated WARNING: untranslated string: mtu = MTU WARNING: untranslated string: no data = unknown string +WARNING: untranslated string: not affected = Not Affected WARNING: untranslated string: ovpn error dh = The Diffie-Hellman parameter needs to be in minimum 2048 bit!
Please generate or upload a new Diffie-Hellman parameter, this can be made below in the section "Diffie-Hellman parameters options".
WARNING: untranslated string: ovpn error md5 = You host certificate uses MD5 for the signature which is not accepted anymore.
Please update to the latest IPFire version and generate a new root and host certificate.

All OpenVPN clients needs then to be renewed!
WARNING: untranslated string: ovpn tls auth = TLS Channel Protection: WARNING: untranslated string: ovpn warning rfc3280 = Your host certificate is not RFC3280 compliant.
Please update to the latest IPFire version and generate as soon as possible a new root and host certificate.

All OpenVPN clients needs then to be renewed!
+WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes +WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: ptr = PTR WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: routing table = unknown string +WARNING: untranslated string: spectre variant 1 = Spectre Variant 1 +WARNING: untranslated string: spectre variant 2 = Spectre Variant 2 +WARNING: untranslated string: spectre variant 4 = Spectre Variant 4 WARNING: untranslated string: ssh active sessions = Active logins WARNING: untranslated string: ssh agent forwarding = Allow SSH Agent Forwarding WARNING: untranslated string: ssh login time = Logged in since @@ -892,6 +905,8 @@ WARNING: untranslated string: update ruleset = Update ruleset WARNING: untranslated string: vpn start action add = Wait for connection initiation WARNING: untranslated string: vpn statistics n2n = unknown string WARNING: untranslated string: vpn wait = WAITING +WARNING: untranslated string: vulnerability = Vulnerability +WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_missings b/doc/language_missings index 7b779054d6..412885b7c3 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -29,6 +29,7 @@ < community rules < could not connect to www ipfire org < cryptographic settings +< dangerous < dead peer detection < default IP address < dhcp server disabled on blue interface @@ -37,6 +38,10 @@ < done < emerging pro rules < emerging rules +< enable smt +< fallout zombieload ridl +< force enable +< foreshadow < g.dtm < g.lite < guardian @@ -45,18 +50,28 @@ < ids show < insert removable device < interface mode +< meltdown +< mitigated +< not affected < notes +< please reboot to apply your changes +< processor vulnerability mitigations < quick control < shaping add options < show areas < show lines < show tls-auth key +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < teovpn_fragment < tor bridge enabled < tor errmsg invalid node id < updxlrtr used by < upload fcdsl.o < vpn configuration main +< vulnerability +< vulnerable ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -100,7 +115,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -202,6 +216,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < dead peer detection < default < default ip @@ -271,10 +286,12 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs < error +< fallout zombieload ridl < fifteen minutes < fireinfo ipfire version < fireinfo is disabled @@ -304,6 +321,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < fw default drop @@ -568,9 +587,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -592,6 +613,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -659,9 +681,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -684,6 +708,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -791,6 +818,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -875,10 +904,15 @@ < advproxy wpad view pac < Captive delete logo < Daily +< dangerous < Disabled < dnsforward dnssec disabled < emerging pro rules +< enable smt < error +< fallout zombieload ridl +< force enable +< foreshadow < generate ptr < ids apply < ids apply ruleset changes @@ -898,12 +932,22 @@ < ids show < ids working < intrusion prevention system +< meltdown +< mitigated +< not affected < ovpn tls auth +< please reboot to apply your changes +< processor vulnerability mitigations < ptr < runmode +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh agent forwarding < system is offline < update ruleset +< vulnerability +< vulnerable < Weekly < wlanap auto < wlanap broadcast ssid @@ -950,7 +994,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1005,6 +1048,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default IP address < dhcp dns enable update < dhcp dns key name @@ -1040,7 +1084,9 @@ < email tls < email usemail < emerging pro rules +< enable smt < error +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1049,6 +1095,8 @@ < firewall log ip < firewall log port < five minutes +< force enable +< foreshadow < four hours < fwdfw all subnets < fwdfw err concon @@ -1120,10 +1168,13 @@ < masquerading < masquerading disabled < masquerading enabled +< meltdown < messages +< mitigated < mtu < MTU settings < none +< not affected < Number of Countries for the pie chart < one hour < one month @@ -1136,9 +1187,11 @@ < ovpn error md5 < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < ptr < rdns < required field @@ -1146,6 +1199,9 @@ < samba join a domain < samba join domain < search +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -1179,6 +1235,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -1247,7 +1305,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1302,6 +1359,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default < default IP address < dh @@ -1352,7 +1410,9 @@ < email tls < email usemail < emerging pro rules +< enable smt < error +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1362,6 +1422,8 @@ < firewall log port < firewall logs country < five minutes +< force enable +< foreshadow < four hours < fwdfw all subnets < fwdfw err concon @@ -1436,7 +1498,9 @@ < masquerading < masquerading disabled < masquerading enabled +< meltdown < messages +< mitigated < model < modem hardware details < modem information @@ -1456,6 +1520,7 @@ < nameserver < never < none +< not affected < not a valid dh key < Number of Countries for the pie chart < one hour @@ -1478,9 +1543,11 @@ < ovpn reneg sec < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < ptr < random number generator daemon < rdns @@ -1493,6 +1560,9 @@ < show tls-auth key < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -1530,6 +1600,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -1611,7 +1683,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -1714,6 +1785,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < dead peer detection < default < default ip @@ -1783,6 +1855,7 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs @@ -1796,6 +1869,7 @@ < extrahd unable to read < extrahd unable to write < extrahd you cant mount +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -1808,6 +1882,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < fw default drop @@ -2082,9 +2158,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -2106,6 +2184,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -2159,9 +2238,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -2183,6 +2264,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -2289,6 +2373,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < Weekly < wireless network < wlanap @@ -2403,7 +2489,6 @@ < Captive 1month < Captive 1week < Captive activate -< Captive ACTIVATE < Captive activated < Captive active on < Captive agree tac @@ -2506,6 +2591,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < day-graph < dead peer detection < default @@ -2578,6 +2664,7 @@ < email usemail < emerging pro rules < emerging rules +< enable smt < encryption < entropy < entropy graphs @@ -2591,6 +2678,7 @@ < extrahd unable to read < extrahd unable to write < extrahd you cant mount +< fallout zombieload ridl < fifteen minutes < firewall graph country < firewall graph ip @@ -2603,6 +2691,8 @@ < first < five minutes < flag +< force enable +< foreshadow < forward firewall < four hours < frequency @@ -2880,9 +2970,11 @@ < maximum < MB read < MB written +< meltdown < messages < minimum < minute +< mitigated < model < modem hardware details < modem information @@ -2905,6 +2997,7 @@ < never < no hardware random number generator < none +< not affected < not a valid dh key < notice < Number of Countries for the pie chart @@ -2955,9 +3048,11 @@ < ovpn warning rfc3280 < p2p block < p2p block save notice +< please reboot to apply your changes < pptp netconfig < pptp peer < pptp route +< processor vulnerability mitigations < proxy reports < proxy reports daily < proxy reports monthly @@ -2979,6 +3074,9 @@ < snat new source ip address < software version < source ip country +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh < ssh active sessions < ssh agent forwarding @@ -3085,6 +3183,8 @@ < vpn statistic rw < vpn wait < vpn weak +< vulnerability +< vulnerable < week-graph < Weekly < wireless network @@ -3174,6 +3274,7 @@ < cryptographic settings < crypto warning < Daily +< dangerous < default IP address < Disabled < dns forward disable dnssec @@ -3181,7 +3282,11 @@ < dnsforward forward_servers < dns forwarding dnssec disabled notice < emerging pro rules +< enable smt < error +< fallout zombieload ridl +< force enable +< foreshadow < fwdfw all subnets < generate ptr < ids apply @@ -3217,13 +3322,21 @@ < ipsec mode tunnel < ipsec settings < local ip address +< meltdown +< mitigated < mtu +< not affected < ovpn error dh < ovpn error md5 < ovpn tls auth < ovpn warning rfc3280 +< please reboot to apply your changes +< processor vulnerability mitigations < ptr < runmode +< spectre variant 1 +< spectre variant 2 +< spectre variant 4 < ssh active sessions < ssh agent forwarding < ssh login time @@ -3235,6 +3348,8 @@ < update ruleset < vpn start action add < vpn wait +< vulnerability +< vulnerable < Weekly < wlanap auto < wlanap broadcast ssid diff --git a/html/cgi-bin/security.cgi b/html/cgi-bin/security.cgi new file mode 100644 index 0000000000..8c9c5eddc8 --- /dev/null +++ b/html/cgi-bin/security.cgi @@ -0,0 +1,224 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2019 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +use warnings; +use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +my %VULNERABILITIES = ( + "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)", + "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)", + "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)", + "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)", + "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)", + "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)", +); + +my $errormessage = ""; +my $notice = ""; + +my %mainsettings = (); +my %color = (); +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + +my %settings = ( + "ENABLE_SMT" => "auto", +); +&General::readhash("${General::swroot}/main/security", \%settings); + +&Header::showhttpheaders(); + +&Header::getcgihash(\%settings); + +if ($settings{'ACTION'} eq $Lang::tr{'save'}) { + if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) { + $errormessage = $Lang::tr{'invalid input'}; + } + + unless ($errormessage) { + &General::writehash("${General::swroot}/main/security", \%settings); + $notice = $Lang::tr{'please reboot to apply your changes'}; + } +} + +my %checked = (); +$checked{'ENABLE_SMT'}{'auto'} = ''; +$checked{'ENABLE_SMT'}{'on'} = ''; +$checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked"; + +&Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, ''); + +&Header::openbigbox("100%", "left", "", $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage"; + &Header::closebox(); +} + +if ($notice) { + &Header::openbox('100%', 'left', $Lang::tr{'notice'}); + print "$notice"; + &Header::closebox(); +} + +&Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'}); + +print < + + + + $Lang::tr{'vulnerability'} + + + $Lang::tr{'status'} + + + + +END + +my $id = 0; +for my $vuln (sort keys %VULNERABILITIES) { + my ($status, $message) = &check_status($vuln); + next if (!$status); + + my $colour = ""; + my $bgcolour = ""; + my $status_message = ""; + + # Not affected + if ($status eq "Not affected") { + $status_message = $Lang::tr{'not affected'}; + $colour = "white"; + $bgcolour = ${Header::colourblack}; + + # Vulnerable + } elsif ($status eq "Vulnerable") { + $status_message = $Lang::tr{'vulnerable'}; + $colour = "white"; + $bgcolour = ${Header::colourred}; + + # Mitigated + } elsif ($status eq "Mitigation") { + $status_message = $Lang::tr{'mitigated'}; + $colour = "black"; + $bgcolour = ${Header::colourorange}; + + } else { + next; + } + + my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; + + print < + + $VULNERABILITIES{$vuln} + + + + +END + if ($message) { + print "$status_message: $message"; + } else { + print "$status_message"; + } + + print < + + +END + } + +print < + +END + +&Header::closebox(); + +print "
\n"; + +&Header::openbox('100%', 'center', $Lang::tr{'settings'}); + +print < + + + + $Lang::tr{'enable smt'} + + + + / + + + + + + + + + + + +END + +&Header::closebox(); + +print "\n"; + +&Header::closebigbox(); + +&Header::closepage(); + +sub check_status($) { + my $vuln = shift; + + open(FILE, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef; + my $status = ; + close(FILE); + + if ($status =~ /^(Mitigation): (.*)$/) { + return ($1, $2); + } + + return $status; +} diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8b43872a30..103154c569 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -12,7 +12,6 @@ 'Captive 1day' => '1 day', 'Captive 1month' => '1 month', 'Captive 1week' => '1 week', -'Captive ACTIVATE' => 'ACTIVATE', 'Captive GAIN ACCESS' => 'GAIN ACCESS', 'Captive WiFi coupon' => 'WiFi Coupon', 'Captive activate' => 'Activate', @@ -713,6 +712,7 @@ 'custom networks' => 'Custom networks', 'custom services' => 'Custom services', 'daily firewallhits' => 'daily firewallhits', +'dangerous' => 'Dangerous', 'dat without key' => 'An encrypted archive cannot be restored without the key.', 'date' => 'Date', 'date not in logs' => 'No (or only partial) logs exist for the day queried', @@ -970,6 +970,7 @@ 'empty profile' => 'empty', 'enable ignore filter' => 'Enable ignore filter', 'enable javascript' => 'Enable javascript', +'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)', 'enable wildcards' => 'Enable wildcards:', 'enabled' => 'Enabled:', 'enabled on' => 'Enabled on', @@ -1027,6 +1028,7 @@ 'extrahd unable to read' => 'Unable to read', 'extrahd unable to write' => 'Unable to write', 'extrahd you cant mount' => 'You can\'t mount', +'fallout zombieload ridl' => 'Fallout/ZombieLoad/RIDL', 'false classnumber' => 'The Class-Number does not match the interface.', 'false max bandwith' => 'Maximum bandwith is false.', 'false min bandwith' => 'Minimum bandwith is false.', @@ -1076,8 +1078,10 @@ 'fixed ip lease modified' => 'Fixed IP lease modified', 'fixed ip lease removed' => 'Fixed IP lease removed', 'flag' => 'Flag', +'force enable' => 'Forced', 'force update' => 'Force update', 'force user' => 'force all new file to user', +'foreshadow' => 'Foreshadow', 'forward firewall' => 'Firewall', 'forwarding rule added' => 'Forwarding rule added; restarting forwarder', 'forwarding rule removed' => 'Forwarding rule removed; restarting forwarder', @@ -1668,6 +1672,7 @@ 'media' => 'Media', 'media information' => 'Media information', 'medium' => 'Medium', +'meltdown' => 'Meltdown', 'memory' => 'Memory', 'memory information' => 'Memory information', 'memory usage per' => 'Memory Usage per', @@ -1684,6 +1689,7 @@ 'misc-options' => 'Miscellaneous options', 'missing dat' => 'Encrypted archive not found', 'missing gz' => 'Unencrypted archive not found', +'mitigated' => 'Mitigated', 'mode' => 'Mode', 'model' => 'Model', 'modem' => 'Modem', @@ -1792,6 +1798,7 @@ 'noservicename' => 'No Service Name entered', 'not a valid ca certificate' => 'Not a valid CA certificate.', 'not a valid dh key' => 'Not a valid Diffie-Hellman parameters file. Please use a length of 2048, 3072 or 4096 bits and the PKCS#3 format.', +'not affected' => 'Not Affected', 'not enough disk space' => 'Not enough disk space', 'not present' => 'Not present', 'not running' => 'not running', @@ -1991,6 +1998,7 @@ 'ping disabled' => 'Disable ping response', 'pkcs12 file password' => 'PKCS12 File Password', 'play' => 'Play', +'please reboot to apply your changes' => 'Please reboot to apply your changes', 'polfile' => 'Polfile', 'policy' => 'Policy', 'port' => 'Port', @@ -2019,6 +2027,7 @@ 'printing options' => 'printing options', 'priority' => 'Priority', 'processes' => 'Processes', +'processor vulnerability mitigations' => 'Processor Vulnerability Mitigations', 'profile' => 'Profile', 'profile deleted' => 'Profile deleted: ', 'profile has errors' => 'Profile has errors', @@ -2231,6 +2240,9 @@ 'source port overlaps' => 'Source port range overlaps an existing port range.', 'speaker off' => 'Speaker off:', 'speaker on' => 'Speaker on:', +'spectre variant 1' => 'Spectre Variant 1', +'spectre variant 2' => 'Spectre Variant 2', +'spectre variant 4' => 'Spectre Variant 4', 'squid extension methods' => 'Your extension_methods list', 'squid extension methods invalid' => 'Your \'extension_methods\' list can only contain uppercase words of letters and digits, separated with a space. ', 'squid fix cache' => 'Repair cache', @@ -2821,6 +2833,8 @@ 'vpn wait' => 'WAITING', 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).', 'vpn weak' => 'Weak', +'vulnerability' => 'Vulnerability', +'vulnerable' => 'Vulnerable', 'waiting to synchronize clock' => 'Waiting to synchronize clock', 'warn when traffic reaches' => 'Warn when traffic reaches x %', 'warning messages' => 'Warning messages', -- 2.39.2