]>
git.ipfire.org Git - people/stevee/ipfire-2.x.git/log
Stefan Schantl [Wed, 22 Oct 2014 17:26:26 +0000 (19:26 +0200)]
guardian: Add configfile for logrotate.
Kim Wölfel [Wed, 22 Oct 2014 16:23:31 +0000 (18:23 +0200)]
guardian: Add PriorityLevel.
The priority is used for snort rules to describe how relevant the alert is.
With this new option, alerts with less importance can be ignored.
Stefan Schantl [Tue, 21 Oct 2014 19:55:07 +0000 (21:55 +0200)]
guardian.cgi: Reload guardian if config or the ignorelist changes.
Stefan Schantl [Mon, 20 Oct 2014 19:03:48 +0000 (21:03 +0200)]
guardianctrl: Add command "reload".
This command is used to send a SIGHUP to the guardian process, to perform
a reload of the configuration.
Stefan Schantl [Mon, 20 Oct 2014 18:51:14 +0000 (20:51 +0200)]
guardian: Write-out process id to pidfile (/run/guardian.pid).
Stefan Schantl [Sun, 19 Oct 2014 18:23:04 +0000 (20:23 +0200)]
guardian: Drop .pl extension and move to /usr/bin.
Stefan Schantl [Sun, 19 Oct 2014 18:11:25 +0000 (20:11 +0200)]
Merge branch 'guardian-improved' of ssh://git.ipfire.org/pub/git/people/stevee/ipfire-2.x into guardian-improved
Stefan Schantl [Sun, 19 Oct 2014 18:10:37 +0000 (20:10 +0200)]
Add new/missing language strings.
Stefan Schantl [Sun, 19 Oct 2014 18:00:04 +0000 (20:00 +0200)]
Merge branch 'guardian-improved' of ssh://git.ipfire.org/pub/git/people/stevee/ipfire-2.x into guardian-improved
Stefan Schantl [Sun, 19 Oct 2014 17:58:45 +0000 (19:58 +0200)]
guardian.cgi: Add option to configure the BlockCount.
Some small code fixes.
Stefan Schantl [Sun, 19 Oct 2014 14:46:38 +0000 (16:46 +0200)]
guardian.cgi: Accidently hardcoded some descriptions.
Stefan Schantl [Sun, 19 Oct 2014 14:43:32 +0000 (16:43 +0200)]
guardian.cgi: Add dropdown to select the used loglevel.
Stefan Schantl [Sun, 19 Oct 2014 13:39:02 +0000 (15:39 +0200)]
guardian: Introduce BlockCount.
It is now possible to define the blocking count when an attacker should be
blocked in the configfile.
Stefan Schantl [Sun, 19 Oct 2014 12:07:56 +0000 (14:07 +0200)]
guardian: Update term to set a build-in function as enabled.
Stefan Schantl [Sun, 19 Oct 2014 12:01:48 +0000 (14:01 +0200)]
guardian.cgi: Remove code for options which have been dropped from guardian.
Guardian does not longer require the information for the red interface from
the configfile.
Guardian does not longer support a targetfile.
Stefan Schantl [Sun, 19 Oct 2014 11:57:30 +0000 (13:57 +0200)]
guardian.cgi: Add options to enable/disable some built-in functions from guardian.
This commit allows to enable or disable the monitoring of the snort alertfile
and to switch off the blocking of SSH and HTTPD Brute-force attempts.
Stefan Schantl [Sat, 18 Oct 2014 15:59:03 +0000 (17:59 +0200)]
guardian: Exit if no files are watched.
Stefan Schantl [Sat, 18 Oct 2014 14:59:09 +0000 (16:59 +0200)]
guardian: Allow to enable/disable built-in functions.
In the configfile now can be specified to disable built-in functions (snort, ssh, apache2).
If the configuration does not contain any relevant information, the default values will be used
which enables all three functions.
Stefan Schantl [Sat, 18 Oct 2014 13:44:51 +0000 (15:44 +0200)]
guardian: Get path for apache2 error log from configfile.
Stefan Schantl [Thu, 16 Oct 2014 20:03:45 +0000 (22:03 +0200)]
guardian: Rework header, bump to version 2.0.
Stefan Schantl [Thu, 16 Oct 2014 19:53:33 +0000 (21:53 +0200)]
guardian: Handle sighup signals.
We now can capture and handle sighup signals, to perform a reload
of the config file, re-read the ignorefile and recreate the ignorehash and
finally to grab possible alias addresses from red and re-add them to the ignorehash.
Stefan Schantl [Thu, 16 Oct 2014 19:18:11 +0000 (21:18 +0200)]
guardian: Rework daemonize function.
Stefan Schantl [Thu, 16 Oct 2014 19:02:03 +0000 (21:02 +0200)]
guardian: Rework logging.
Introduce LogLevel and drop the debugger subroutine.
Stefan Schantl [Mon, 13 Oct 2014 16:08:54 +0000 (18:08 +0200)]
guardian: Use strict.
Stefan Schantl [Sun, 12 Oct 2014 19:38:59 +0000 (21:38 +0200)]
guardian: Call sub to check if an address block has expired.
Some more code cleanup as well.
Stefan Schantl [Sun, 12 Oct 2014 13:50:14 +0000 (15:50 +0200)]
guardian: Rename blockhash to addresshash.
Stefan Schantl [Sun, 12 Oct 2014 13:26:38 +0000 (15:26 +0200)]
guardian: Validate input from ignorefile.
Stefan Schantl [Sun, 12 Oct 2014 12:34:15 +0000 (14:34 +0200)]
guardian: Drop targethash and support for targetfile.
The targetfile acted as kind of a blacklist to instantly block
a source when a packet was send to a target on that list.
This better should be done by firewall rules.
Stefan Schantl [Sun, 12 Oct 2014 11:15:08 +0000 (13:15 +0200)]
guardian: Use Inotify for detecting file modifications.
If a monitored file gets modified, guardian now recognizes this by
using the inotify interface provided from the Linux kernel and stores
this information in a processing queue.
This is a more efficent way than the old one, which periodly checked if the
filesize had been changed.
Also doing some more code cleanup and add input validation.
Stefan Schantl [Tue, 7 Oct 2014 17:26:35 +0000 (19:26 +0200)]
make.sh: Build perl-common-sense and perl-inotify2.
Stefan Schantl [Tue, 7 Oct 2014 17:25:11 +0000 (19:25 +0200)]
perl-inotify2: New package.
This module contains inotify bindings for perl, used by the extendend guardian.
Stefan Schantl [Tue, 7 Oct 2014 17:24:11 +0000 (19:24 +0200)]
perl-common-sense: New package.
This is a runtime dependency for perl-inotify2.
Stefan Schantl [Fri, 3 Oct 2014 16:00:22 +0000 (18:00 +0200)]
guardian: Introduce debugger.
Splitt the existing write_log function into two seperate functions to handle
the write out of debug messages if guardian has been launched in debug mode and
content we want to store in the logfile.
This will prevent us from bloating up the logfile with debug stuff.
Stefan Schantl [Thu, 2 Oct 2014 19:42:27 +0000 (21:42 +0200)]
guardian: Use Getop::Std.
Stefan Schantl [Sat, 9 Aug 2014 09:29:57 +0000 (11:29 +0200)]
Revert "Add changed files to Core Update 80."
This reverts commit
1a9c90696fda08c981ab73a9427907792f9f1812 .
Stefan Schantl [Sat, 9 Aug 2014 08:35:32 +0000 (10:35 +0200)]
guardian.cgi: Remove code for Blockinterfaces.
We don't need this code anymore because we dropped interface support
from guardian.
Stefan Schantl [Sat, 9 Aug 2014 08:10:54 +0000 (10:10 +0200)]
guardian: Drop last parts for block_interface.
Drop the last code parts for block_interface.
Stefan Schantl [Sat, 9 Aug 2014 07:56:33 +0000 (09:56 +0200)]
guardian: Rename file handles.
Stefan Schantl [Sat, 9 Aug 2014 07:51:23 +0000 (09:51 +0200)]
guardian: Add support to ignore whole subnets.
Stefan Schantl [Sat, 9 Aug 2014 07:50:14 +0000 (09:50 +0200)]
guardian: Code cleanup.
Remove some redundant code parts.
Stefan Schantl [Sat, 5 Jul 2014 15:43:08 +0000 (17:43 +0200)]
guardian: Only provide details if script has been started in debug mode.
Stefan Schantl [Sat, 5 Jul 2014 14:56:02 +0000 (16:56 +0200)]
guardian: Remove output for used OS.
IPFire is based on Linux so there is no need to provide such an info.
Stefan Schantl [Sat, 5 Jul 2014 13:09:50 +0000 (15:09 +0200)]
Connect subboxes with input elements to the main boxes.
Stefan Schantl [Mon, 30 Jun 2014 15:59:28 +0000 (17:59 +0200)]
guardian.cgi: Sort blocked IP addresses.
Stefan Schantl [Sun, 22 Jun 2014 09:30:15 +0000 (11:30 +0200)]
Add changed files to Core Update 80.
Stefan Schantl [Sun, 8 Jun 2014 10:49:40 +0000 (12:49 +0200)]
lfs/guardian: Increase package number.
All changes have been done, so increasing the package number.
Stefan Schantl [Sun, 8 Jun 2014 10:48:53 +0000 (12:48 +0200)]
guardian: Modify code to work with our guardianctrl.
Stefan Schantl [Sun, 8 Jun 2014 10:47:58 +0000 (12:47 +0200)]
guardian.cgi: Add hyperlink to ipinfo page for blocked hosts.
Stefan Schantl [Sun, 8 Jun 2014 10:38:35 +0000 (12:38 +0200)]
guardianctrl: Allow to (un)block subnets.
Stefan Schantl [Tue, 3 Jun 2014 20:37:03 +0000 (22:37 +0200)]
guardian: Rootfile update.
Stefan Schantl [Tue, 3 Jun 2014 20:36:32 +0000 (22:36 +0200)]
guardian.cgi: Autodetect the used interface for red.
Stefan Schantl [Tue, 3 Jun 2014 20:33:18 +0000 (22:33 +0200)]
general-functions.pl: Add function to get the used interface on red.
Stefan Schantl [Sun, 1 Jun 2014 16:34:00 +0000 (18:34 +0200)]
Add menu entry for guardian.cgi.
Display the entry right after the ids one in the services menu.
Stefan Schantl [Sun, 1 Jun 2014 15:32:06 +0000 (17:32 +0200)]
guardian: Add include file for backup.
Stefan Schantl [Sun, 1 Jun 2014 15:25:24 +0000 (17:25 +0200)]
ids.cgi: Remove guardian related code.
Stefan Schantl [Sun, 1 Jun 2014 15:24:23 +0000 (17:24 +0200)]
guardian.cgi: New page to configure and interact with guardian.
Kim Wölfel [Sun, 1 Jun 2014 14:55:43 +0000 (16:55 +0200)]
guardian: Add symlinks for runlevel interaction.
Kim Wölfel [Sun, 1 Jun 2014 14:53:22 +0000 (16:53 +0200)]
guardian: Add initscript.
Kim Wölfel [Sun, 1 Jun 2014 14:41:50 +0000 (16:41 +0200)]
guardian: Add support to detect brute-force attacks to the webinterface login.
Stefan Schantl [Sun, 1 Jun 2014 13:57:33 +0000 (15:57 +0200)]
guardian: Update rootfile.
Stefan Schantl [Sun, 1 Jun 2014 13:55:37 +0000 (15:55 +0200)]
guardian: Tidy up lfs file, add new files for guardian.cgi.
Stefan Schantl [Sun, 1 Jun 2014 13:50:02 +0000 (15:50 +0200)]
guardian: Drop bash scripts.
The guardianctrl binary will replace them.
Stefan Schantl [Sun, 1 Jun 2014 13:40:40 +0000 (15:40 +0200)]
misc-progs: New binary guardianctrl.
This is a helper binary which is used to perform several tasks around guardian
when using guardians page in the webinterface.
Arne Fitzenreiter [Sat, 21 Jun 2014 17:04:33 +0000 (19:04 +0200)]
syslinux: add serial console output.
Arne Fitzenreiter [Sat, 21 Jun 2014 10:41:47 +0000 (12:41 +0200)]
Merge remote-tracking branch 'origin/master' into next
Michael Tremer [Fri, 20 Jun 2014 14:04:47 +0000 (16:04 +0200)]
Rootfile update.
Michael Tremer [Fri, 20 Jun 2014 11:46:06 +0000 (13:46 +0200)]
collectd: Compile fix.
Michael Tremer [Thu, 19 Jun 2014 12:40:56 +0000 (14:40 +0200)]
gpgme: Remove libgpg-error from dependency list
This has become a part of the core system, now.
Michael Tremer [Thu, 19 Jun 2014 12:39:21 +0000 (14:39 +0200)]
strongswan: Update to 5.2.0dr6.
Michael Tremer [Thu, 19 Jun 2014 12:24:13 +0000 (14:24 +0200)]
rng-tools: Update to version 5.
Supports using RDRAND on processors which don't have AES-NI.
Michael Tremer [Thu, 19 Jun 2014 12:23:14 +0000 (14:23 +0200)]
Add new crypto library libgrypt
Michael Tremer [Thu, 19 Jun 2014 12:21:05 +0000 (14:21 +0200)]
core80: Automatically uninstall libgpg-error.
This is not a package any more.
Michael Tremer [Thu, 19 Jun 2014 12:20:13 +0000 (14:20 +0200)]
libgpg-error: Update to version 1.13.
Michael Tremer [Thu, 19 Jun 2014 10:13:41 +0000 (12:13 +0200)]
core80: Add general-functions.pl to updater.
Alexander Marx [Thu, 8 May 2014 12:31:31 +0000 (14:31 +0200)]
General-functions.pl: rewrite getnetworkip without inet_aton
Alexander Marx [Thu, 8 May 2014 12:08:04 +0000 (14:08 +0200)]
General-functions.pl: rewrite IpInSubnet replace inet_ntoa
Michael Tremer [Tue, 17 Jun 2014 17:48:34 +0000 (19:48 +0200)]
Update translations.
Michael Tremer [Tue, 17 Jun 2014 17:47:06 +0000 (19:47 +0200)]
Rewrite redirect_wrapper.
The wrapper had multiple errors in handling the new version of the
squid redirector protocol and was awful to maintain as it did not
fulfill any coding guidelines at all.
Michael Tremer [Tue, 17 Jun 2014 17:30:37 +0000 (19:30 +0200)]
Merge remote-tracking branch 'ummeegge/openvpn'
Michael Tremer [Tue, 17 Jun 2014 17:26:28 +0000 (19:26 +0200)]
core80: Ship setddns.pl.
Michael Tremer [Tue, 17 Jun 2014 17:24:29 +0000 (19:24 +0200)]
Merge remote-tracking branch 'ferstl/dynu-ddns-fix' into next
Arne Fitzenreiter [Tue, 17 Jun 2014 14:11:03 +0000 (16:11 +0200)]
clamav: update to 0.98.4.
Arne Fitzenreiter [Tue, 17 Jun 2014 14:11:03 +0000 (16:11 +0200)]
clamav: update to 0.98.4.
Arne Fitzenreiter [Tue, 17 Jun 2014 11:45:40 +0000 (13:45 +0200)]
kernel: update to 3.10.44.
Stefan Ferstl [Tue, 17 Jun 2014 09:22:21 +0000 (11:22 +0200)]
DDNS: Fix API call for the "Dynu" DDNS service
This affects the DDNS service "dynu.ca dyn.ee dynserv.(ca|org|net|com)".
DNS updates using this service were made using the URL http://dynserv.ca/ . However,
the domain dynserv.ca does not exist anymore. The Dynu service is now only reachable
via the dynu.com domain. This commit changes the API call according to Dynu's
specification on http://www.dynu.com/Default.aspx?page=dnsapi .
Erik Kapfer [Mon, 16 Jun 2014 07:50:20 +0000 (09:50 +0200)]
openvpn: Shortened word to prevent line break.
* Shortened Diffie-Hellman to DH in language files to
affort a better look in WUI.
Arne Fitzenreiter [Sat, 14 Jun 2014 20:21:08 +0000 (22:21 +0200)]
start core80.
Arne Fitzenreiter [Sat, 14 Jun 2014 20:13:37 +0000 (22:13 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Fri, 13 Jun 2014 19:02:45 +0000 (21:02 +0200)]
kernel: add mcs7830 link detection patch.
fixes #10551
Arne Fitzenreiter [Fri, 13 Jun 2014 19:01:56 +0000 (21:01 +0200)]
kernel-header: rootfile update.
Arne Fitzenreiter [Fri, 13 Jun 2014 19:00:36 +0000 (21:00 +0200)]
libpcap: rootfile update.
Michael Tremer [Fri, 13 Jun 2014 10:44:30 +0000 (12:44 +0200)]
leds: Use correct RED interface even when RED_DEV is set.
Erik Kapfer [Thu, 12 Jun 2014 15:36:57 +0000 (17:36 +0200)]
openvpn: Clean up DH download code.
Michael Tremer [Thu, 12 Jun 2014 14:55:29 +0000 (16:55 +0200)]
libpcap: Update to 1.4.0.
Michael Tremer [Thu, 12 Jun 2014 14:44:07 +0000 (16:44 +0200)]
modem-lib.pl: Check if character device exists before trying to connect to it.
Michael Tremer [Thu, 12 Jun 2014 14:31:43 +0000 (16:31 +0200)]
samba: Show a simple example for default shares.
Michael Tremer [Thu, 12 Jun 2014 14:26:55 +0000 (16:26 +0200)]
Merge remote-tracking branch 'ummeegge/openvpn'
Michael Tremer [Thu, 12 Jun 2014 14:21:41 +0000 (16:21 +0200)]
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
Erik Kapfer [Thu, 12 Jun 2014 14:17:02 +0000 (16:17 +0200)]
openvpn:Deleted download possibility for DH param and fixed some typos.
* Deleted DH-parameter download possibility in CA/key chart section.
* Fixed some typos in CA/key section.
Arne Fitzenreiter [Thu, 12 Jun 2014 11:11:46 +0000 (13:11 +0200)]
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x