Franco Fichtner
6172beb8f4
src: useless globals
2018-11-12 14:44:44 +01:00
Franco Fichtner
fba9b8ab2e
firewall: CGN seems to be valid... for discussion
...
PR: https://github.com/opnsense/core/issues/2880
2018-11-11 12:49:19 +01:00
Franco Fichtner
c6df560fa6
firewall: add XXX to label mismatch, related to #1494
2018-11-11 09:01:13 +01:00
Franco Fichtner
cae5ec3f69
system: remove apinger, dpinger takes over
2018-11-10 23:42:17 +01:00
Ad Schellevis
08bd6c7177
Firewall/alias, increase resolve() performance, see https://forum.opnsense.org/index.php?topic=10164.msg46639
2018-11-08 13:42:32 +01:00
Ad Schellevis
b38a76a265
IDS/IPS, prevent duplicate download of same target filename, support overlays. for https://github.com/opnsense/core/issues/2885
2018-11-06 20:05:09 +01:00
Ad Schellevis
416b05afa6
IDS/IPS, use content-disposition, for https://github.com/opnsense/core/issues/2885
2018-11-06 20:04:05 +01:00
Ad Schellevis
534c918a4e
IDS/ruledownload, improve logging a bit. log http return code when download failed
2018-11-05 21:14:52 +01:00
Franco Fichtner
ee6b692455
firewall: move bogon script out of the way, priv-sep, lower retries
2018-11-03 12:25:09 +01:00
Franco Fichtner
05d1283508
dhcp: flip arguments for services_dhcpd_configure
...
Stop radvd in setport while there.
2018-10-31 15:07:53 +01:00
Ad Schellevis
1d9b7ef480
Firewall/alias, disabled alias should leave us with an empty one, for https://github.com/opnsense/core/issues/2860
2018-10-30 09:27:45 +01:00
Franco Fichtner
e682d77bb0
firmware: we modify these too
2018-10-23 09:52:32 +02:00
Franco Fichtner
4d16653fc5
firmware: ask only once via expansion
...
We only want to know if there is anything at all and "" + "" is still "".
2018-10-23 06:14:37 +02:00
Franco Fichtner
e01d6c7f86
firmware: unify temp file handling in health audit
2018-10-22 16:22:30 +02:00
Franco Fichtner
e23a63699b
firmware: finish mtree for base/kernel
2018-10-22 13:53:50 +02:00
Franco Fichtner
389b9d4839
firmware: use named arguments in check script
2018-10-22 09:06:03 +02:00
Franco Fichtner
8f6c2bc881
src: whitespace and style sweep
2018-10-19 07:03:39 +00:00
Ad Schellevis
a3cb1a0c59
system: add configd call to return json structured interface data using legacy_interfaces_details(), while working on https://github.com/opnsense/core/issues/2787 missed something to return configured addresses.
...
No need to duplicate legacy_interfaces_details.
adds:
```
configctl interface list ifconfig
```
2018-10-15 13:02:50 +02:00
Franco Fichtner
51071f88de
firmware: ignore kernel/base when argument was given
2018-10-15 08:14:07 +02:00
Franco Fichtner
b4969b49ca
firmware: refactor mtree tests slightly
2018-10-14 19:20:27 +02:00
Franco Fichtner
b7d7d16622
firmware: improve mtree handling further
2018-10-14 17:14:10 +02:00
Franco Fichtner
62f9073b8d
firmware: small tweaks for future flexibility
...
Most of this will only be relevant for 19.1 where we shall have
an "enforcement" of mtree files through the sets so that this
check can audit our whole system for issues... :)
2018-10-14 12:02:58 +02:00
Franco Fichtner
e65fef947d
firmware: rename security audit script for clarity
2018-10-14 11:57:18 +02:00
Franco Fichtner
e7bd9d3a74
firmware: wrong audit ;)
2018-10-14 11:46:17 +02:00
Franco Fichtner
ffe4910513
firmware: first part of mtree verification
...
PR: https://github.com/opnsense/update/issues/37
2018-10-14 11:39:36 +02:00
Ad Schellevis
f2b30558ac
IDS/IPS, abuse.ch fingerprint ruleset for suricata 4.1.x using tls_cert_fingerprint keyword for better performance.
...
keep on master while still on suricata 4.0.x
2018-10-13 11:15:56 +02:00
Ad Schellevis
8d08b67d28
Firewall/alias, keep previous content for url alias type on fetch error. closes https://github.com/opnsense/core/issues/2793
2018-10-05 22:59:33 +02:00
Franco Fichtner
a7dbe83957
version: improved crypto flavour reading
...
product_flavour is embedded in the release package but the
package itself does not insist on a particular flavour other
than having knowledge about the flavour the package was
built for originally. This is ok and direct crypto deps
seem to have failed to produce reliable upgrade / sidegrade
results in recent tests anyway.
Long story short: find out the real crypto flavour installed
from the OpenSSL binary or fall back to the metadata if said
binary cannot be found.
2018-09-26 20:30:45 +02:00
Franco Fichtner
4ebb368b2c
unbound: hello bitrot my old friend :P
...
* Base unbound is no longer installed. Path is /usr/local/...
* remotecontrol.conf is not enough, need to use unbound.conf
* shuffle remote-control content into unbound.conf
* disable cache dump / load until it's more clever
Case in point of how useless it is to have unused scripts hitching
along for the ride.
2018-09-23 10:59:05 +02:00
Franco Fichtner
ef5cb57e31
unbound: shorten unbounctlwrapper to wrapper.py
2018-09-23 10:20:09 +02:00
Franco Fichtner
993b205cb6
unbound: cache dump / load / flush
2018-09-23 10:04:09 +02:00
Franco Fichtner
1fb52bace2
shell: obvious replacement for OPENSSL_VERSION_TEXT
2018-09-22 09:29:38 +02:00
Franco Fichtner
0cf4fe5e38
rc: hello opnsense-version!
2018-09-16 23:07:21 +02:00
Franco Fichtner
90296833f9
firmware: firmware-product, src/opnsense/version/opnsense, etc.
...
Now that we have metadata injection at build time read it instead
of its auxiliary files. Allow live-mount to snoop the metadata and
afterwards we can start to marry the version and firmware-product
file.
Last puzzle piece will be a tool called "opnsense-version" to read
the JSON metadata and return it in a piecemeal fashion if a part
of the system requires that info, especially from the shell.
2018-09-16 20:38:15 +02:00
Franco Fichtner
574bd308be
src: remove trailing dot workaround by removing trailing dots
2018-09-16 11:44:13 +02:00
Franco Fichtner
82d57c022c
shell: mark iteration variable unused
2018-09-15 10:33:09 +02:00
Franco Fichtner
baa43590d7
src: remove get_configured_interface_with_descr()'s $withdisabled
2018-09-11 22:16:31 +02:00
Franco Fichtner
a35b40a4a7
src: remove unused $only_opt
2018-09-11 21:52:34 +02:00
Ad Schellevis
e8505ba364
style fix, see https://github.com/opnsense/core/issues/2693
2018-09-06 22:03:05 +02:00
Ad Schellevis
e9dfa48953
Revert "squid, delay startup during boot, for https://github.com/opnsense/core/issues/2569 "
...
This reverts commit 72af231b41403447c682dc9337301ebde786a168.
2018-08-14 10:54:21 +02:00
Ad Schellevis
72af231b41
squid, delay startup during boot, for https://github.com/opnsense/core/issues/2569
2018-08-13 16:49:52 +02:00
Franco Fichtner
19b832f6c8
interfaces: try to sync dhclient-script #2542
2018-08-08 18:15:32 +02:00
Franco Fichtner
b8a651a931
shell: omit ":" from SSL fingerprint, asymmetry bugs me
2018-08-05 18:16:43 +02:00
Franco Fichtner
cac939caba
firmware: typo
2018-07-18 21:04:47 +02:00
Ad Schellevis
ac35e91dee
IDS, cleanup previously installed rules, which are known in the configuration but don't exist anymore in the definitions (uninstalled). Manually installed rules will remain untouched by this change. closes https://github.com/opnsense/core/pull/2448
2018-07-15 21:36:13 +02:00
Franco Fichtner
46438e696b
firmware: reboot hint only if download is possible; closes #2547
2018-07-15 14:00:27 +02:00
Ad Schellevis
aa215fcbdb
Firewall/alias, ignore namelookup when no nameservers are configured
...
https://forum.opnsense.org/index.php?topic=9103.0
2018-07-12 07:03:09 +02:00
Franco Fichtner
b8ff445601
firmware: ask for the right base/kernel in edge case
...
We already know a new kernel/base is there, but look up the old
one which may fail if it has been deleted. This causes the sets
to be omitted from the update list, even though later on the
upgrade works as expected.
2018-07-11 07:40:09 +00:00
Robin Schneider
3f86721ce3
Use openssh_enabled() in src/opnsense/scripts/shell/banner.php
...
This is only an improvement and unification of
`src/opnsense/scripts/shell/banner.php`.
Using `openssh_enabled()` both times in this file is preferred over one
time using `isset($config['system']['ssh']['enabled'])` and the other
time using `openssh_enabled()`.
Updates: 00f9b21cb78d9f76a8f94e8e62cbcefad65b7d99
Updates: 81e50abd0afba2d58ce487cdad60c7aedf899bbf
Updates: https://github.com/opnsense/core/pull/2481
2018-07-08 13:51:27 +02:00
Franco Fichtner
45bd265180
shell: print(f) to echo where possible
...
Spotted by: @fabianfrz
2018-07-06 21:01:29 +00:00