69 Commits

Author SHA1 Message Date
Josh Soref
20a3c3da38 Spelling (#5885) 2022-07-18 13:59:03 +02:00
Ad Schellevis
fb041467bf IDPS: fix typo in https://github.com/opnsense/core/pull/5413 2022-01-08 21:17:01 +00:00
Bryce Verdier
26df508f07 Services / Intrusion detection - downloader.py style fixes (#5413) 2021-12-23 19:41:05 +01:00
Ad Schellevis
67910fbfea Services: Intrusion Detection - rule downloads: gently log when connectivity issues appear. 2021-12-10 17:23:37 +01:00
kulikov-a
035dc45063 IDPS: handle empty metadata value (#5357) 2021-11-15 17:09:26 +01:00
Ad Schellevis
c28567ec1d IDPS: support multiple policy property in metadata, closes https://github.com/opnsense/core/issues/5350
o allow repetitive metadata tags to be used, representing them as multiline options. Since \n can't exist in rules it should be rather safe to concat repeating entries
o convert multiline items in the UI (rule info) (convert \n --> <br/>)
2021-11-14 18:59:43 +01:00
kulikov-a
3f73088673 rulecache.py: skip empty metadata (#5148) 2021-08-08 11:12:48 +02:00
kulikov-a
8953d038e5 rulecache.py: make manual rule status boolean (#4758) 2021-02-26 14:02:38 +01:00
Ad Schellevis
b465a418a0 IDS policies not matching categories. Since categories isn't a metadata field, our parser seems to miss the field content. In this case it should be safe to assume if a metadata field isn't found we can look in the rule properties if it's there. There likely aren't overlapping properties in this case. closes https://github.com/opnsense/core/issues/4695 2021-02-11 11:25:17 +01:00
Ad Schellevis
0101becd99 IDPS: make sure rule overwrites use unique config sections. closes https://github.com/opnsense/core/issues/4667
We might consider a unique constraint as well, but since duplicates themselves don't hurt that much, this might be good enough.
2021-02-03 16:25:47 +01:00
Ad Schellevis
be13b6f9e3 IDPS: minor fixes and improvements for new policy feature (https://github.com/opnsense/core/issues/4445).
o feedback matched policy so we can easily find effective choice in the rule tab
o remove installed_action, installed_status since these values aren't valid anymore
o while here, set <pre/> tag width to a maximum to avoid overflow in alert page

Since values need to be persisted in order to return on query requests, single rule edits can lead to a bit odd behaviour (not toggling until after apply), since modifications are advised to be performed using policies, we will keep this for now.
(the alternative is to hook apply after these changes, which also isn't a great solution)
2020-12-08 17:20:06 +01:00
Ad Schellevis
74a64ce187 IDPS: bug in policy parser preventing ruleset filter to function. for https://github.com/opnsense/core/issues/4445 2020-11-23 17:48:10 +01:00
Ad Schellevis
1221542a43 IDPS: deprecate filter option on file downloads in favour of new policy option. migrates existing filters to policies while there. for https://github.com/opnsense/core/issues/4445 2020-11-23 16:42:41 +01:00
Ad Schellevis
a0c043e693 IDS: work in progress policy editor for https://github.com/opnsense/core/issues/4445
With this commit policies functionally work, but there's still some refactoring to do.
o migrate download filters to a policy
o remove download filter option
o point to policies in the download section
o (maybe) move single rule overwrites to policies as well.
2020-11-09 15:02:14 +01:00
Ad Schellevis
f082239c5c IDPS: rulecache parse error on invalid metadata, for https://github.com/opnsense/core/issues/4302 2020-08-27 09:56:25 +02:00
Ad Schellevis
5d8302f3c3 IDPS: allow search for status enabled/disabled.
o one constraint, it will only show "applied" status (since apply flushes to disk)

for https://github.com/opnsense/core/issues/4280
2020-08-23 19:08:27 +02:00
Ad Schellevis
c122fc622b IDPS: bugfix new rulecache parser (408df257cc), missing escape char. 2020-06-04 16:33:36 +02:00
Ad Schellevis
e08000afbd IDPS: extend rule search with metadata fields (pivot property/value store) and show results on rule info. 2020-06-04 16:16:56 +02:00
Ad Schellevis
27964002c5 IDPS: deprecate classtype in rules table, move functionality to new metadata_histogram table, which contains the relevant rule metadata properties including classtype.
also removes endpoint /api/ids/settings/listRuleClasstypes
2020-06-01 16:37:23 +02:00
Ad Schellevis
73f02a14c4 IDPS: support querying of metadata fields, move classtype to new rule_properties table as well.
backwards compatible with existing ui functionality, contains some cleanups in the same area to increase readability
2020-05-28 20:31:45 +02:00
Ad Schellevis
408df257cc IDPS: cleanup list_rules() in rulecache and parse all (metadata) tokens while there 2020-05-25 19:35:41 +02:00
Ad Schellevis
2d052a9bde IDPS: simplify download parser a bit further as suggested by @Tra5is (38ea28d0ad) 2020-05-15 18:53:16 +02:00
Ad Schellevis
38ea28d0ad IDPS: rule download, less sensitive rule parsing. for https://github.com/opnsense/core/pull/4115 2020-05-15 11:36:42 +02:00
Ad Schellevis
09f74fe1ce IDS: point Emerging Threats open rules to suricata 5 and add a migration for the rules that moved. Includes a small patch to the rule management scripts, so we can support deprecated sets (which should be removed). 2019-12-06 15:47:18 +01:00
Ad Schellevis
16eca2b900 IDS / rule download, unescape filename, closes https://github.com/opnsense/plugins/issues/1585 2019-11-20 08:57:50 +01:00
Ad Schellevis
10a3012520 IDS: rule downloader, catch UnicodeDecodeError and log. 2019-11-19 08:54:00 +01:00
Ad Schellevis
a71d32808d IDS, convert python scripts from 2 to 3 2019-04-05 14:56:02 +02:00
Ad Schellevis
6de00487f2 IDS, skip flowbits:noalert rules in "filter_frop", for https://github.com/opnsense/core/issues/3386 2019-04-05 10:53:25 +02:00
Ad Schellevis
7b758564cf IDS, support required rules/files in metadata package, closes https://github.com/opnsense/core/issues/3228 2019-02-12 21:22:09 +01:00
Ad Schellevis
692faae42c IDS/IPS, less extensive logging.
- version info and rules might be cached, only log the uncached actions (first try)
2019-02-08 20:37:32 +01:00
Franco Fichtner
86c7f6242c src: fix lint-exec pass 2019-01-14 08:14:06 +01:00
Ad Schellevis
b3082fcf68 IDS/rule downloader, improve logging 2018-12-10 09:16:52 +01:00
Ad Schellevis
b38a76a265 IDS/IPS, prevent duplicate download of same target filename, support overlays. for https://github.com/opnsense/core/issues/2885 2018-11-06 20:05:09 +01:00
Ad Schellevis
416b05afa6 IDS/IPS, use content-disposition, for https://github.com/opnsense/core/issues/2885 2018-11-06 20:04:05 +01:00
Ad Schellevis
534c918a4e IDS/ruledownload, improve logging a bit. log http return code when download failed 2018-11-05 21:14:52 +01:00
Ad Schellevis
f43a5c8c58 IDS/IPS rules, add support for version checks, closes https://github.com/opnsense/core/issues/2377 2018-05-01 20:07:27 +02:00
Ad Schellevis
81cb33fbfe IDS/IPS support request headers in ruleset metadata, to support additional authentication methods (besides oink codes in the url)
<headers>
    <Token>%%myruleset.mytoken%%</Token>
</headers>
2018-03-01 21:43:47 +01:00
Ad Schellevis
d567d90012 IPS, cleanup. move libs to shared location 2017-10-16 16:12:59 +02:00
Franco Fichtner
105fb5bb57 intrusion detection: fix for #1825 2017-09-14 14:22:52 +02:00
Ad Schellevis
30fde1ef05 IDS, missing gzip decode on download. 2017-09-10 13:30:22 +02:00
Franco Fichtner
0c2fefab03 src: transform Ad's copyrights, add e-mail everywhere 2017-08-06 11:19:35 +02:00
Ad Schellevis
5f17abb3fa (ids) fix for https://github.com/opnsense/core/issues/1516 2017-04-02 19:42:16 +02:00
Ad Schellevis
565fd72bba (ids) add support for inline configuration settings (subscription based URLs for example), add basic auth support.
Example supported format:

<?xml version="1.0"?>
<ruleset>
    <location url="https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz?oinkcode=%%snort.oinkcode%%" prefix="Snort"/>
    <files>
        <file description="blacklist" url="inline::rules/blacklist.rules">snort.blacklist.rules</file>
    </files>
    <properties>
        <property name="snort.oinkcode" default=""/>
    </properties>
</ruleset>

---
Registers the setting "snort.oinkcode" which is used to construct the download url.
This commit doesn't include definitions for new content, in case someone wants to create a definition file, it should be easy now :)
2016-12-27 12:08:54 +01:00
Ad Schellevis
da024c5dfe (ids) work in progress, extend metadata templates with user input (subscription codes, etc) 2016-12-19 21:49:30 +01:00
Ad Schellevis
7294202195 (ids) change download buffering 2016-12-19 21:48:04 +01:00
Ad Schellevis
58ca02846b (IDS) extend support for compressed files with "inline::" keyword to be able to download parts of an archive (required to download snort rules).
Change processing order to always stream data to tempfiles first, so we can reuse downloaded files (an archive scan isn't very expensive)
2016-10-16 19:26:55 +02:00
Ad Schellevis
fe81d2e887 (IDS) add support for compressed rule files, unpack *.rules into defined target filename 2016-10-16 16:54:05 +02:00
Ad Schellevis
2d9e600411 (ids) re-create database if table count doesn't match 2016-06-26 15:57:00 +02:00
Ad Schellevis
642cbe1cce (ids) add action selection in rules tab, extend rule query with installed_action to represent the running configuration. closes https://github.com/opnsense/core/issues/751 2016-06-26 15:47:04 +02:00
Ad Schellevis
0a28a1b76c (ids) add support for documentation source url in backend call 2016-02-10 17:38:00 +01:00