Diffstat (limited to 'config')
-rw-r--r-- | config/apache_mod_security-dev/apache_balancer.template | 4 | ||||
-rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 2 | ||||
-rw-r--r-- | config/bandwidthd/bandwidthd.inc | 25 | ||||
-rw-r--r-- | config/bandwidthd/bandwidthd.xml | 26 | ||||
-rw-r--r-- | config/openbgpd/openbgpd.inc | 6 | ||||
-rw-r--r-- | config/openbgpd/openbgpd_neighbors.xml | 4 | ||||
-rwxr-xr-x | config/snort/snort.inc | 9 | ||||
-rw-r--r-- | config/systempatches/patches.inc | 4 | ||||
-rw-r--r-- | config/systempatches/system_patches_edit.php | 2 |
9 files changed, 59 insertions, 23 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.template b/config/apache_mod_security-dev/apache_balancer.template index 361a5ed4..06422125 100644 --- a/config/apache_mod_security-dev/apache_balancer.template +++ b/config/apache_mod_security-dev/apache_balancer.template @@ -6,7 +6,7 @@ $balancer_config= <<<EOF # then edit /usr/local/pkg/apache_* files. # # # # And don't forget to submit your changes to: # -# https://github.com/bsdperimeter/pfsense-packages # +# https://github.com/pfsense/pfsense-packages # ################################################################################## SetOutputFilter DEFLATE SetInputFilter DEFLATE @@ -37,4 +37,4 @@ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ EOF; -?>
\ No newline at end of file +?> diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index cdee4f6b..57f5407b 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -321,7 +321,7 @@ function generate_apache_configuration() { # then edit /usr/local/pkg/apache_* files. # # # # And don't forget to submit your changes to: # -# https://github.com/bsdperimeter/pfsense-packages # +# https://github.com/pfsense/pfsense-packages # ################################################################################## diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 8821ac76..4e0107eb 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -46,6 +46,8 @@ function bandwidthd_install_deinstall() { exec("rm -f /usr/local/etc/rc.d/bandwidthd*"); exec("rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs"); exec("rm -f /usr/local/www/bandwidthd"); + // Remove the cron job, if it is there + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false); conf_mount_ro(); config_unlock(); } @@ -79,7 +81,9 @@ function bandwidthd_install_config() { $recover_cdf = "recover_cdf true\n"; $output_cdf = $config['installedpackages']['bandwidthd']['config'][0]['outputcdf']; if($output_cdf) - $output_cdf = "output_cdf true\n"; + $output_cdf_string = "output_cdf true\n"; + else + $output_cdf_string = ""; $promiscuous = $config['installedpackages']['bandwidthd']['config'][0]['promiscuous']; if($promiscuous) $promiscuous = "promiscuous true\n"; @@ -180,7 +184,7 @@ $graph_cutoff $promiscuous #Log data to cdf file htdocs/log.cdf -$output_cdf +$output_cdf_string #Read back the cdf file on startup $recover_cdf 
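Review bot: The cron command ``/bin/kill -HUP `cat /var/run/bandwidthd.pid` `` is written out as a literal in the call added to bandwidthd_install_deinstall(), and twice more in the `@@ -292,6 +301,16 @@` hunk of bandwidthd_install_config(). The removal calls presumably find the job by matching this text, so a later edit to only one copy would leave a stale cron entry behind after deinstall. Defining the string once next to PKG_BANDWIDTHD_BASE and passing that constant to all three install_cron_job() calls keeps install and removal in step.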
@@ -252,7 +256,12 @@ if [ ! -L "{$bandwidthd_nano_dir}/etc" ] ; then fi /bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc fi - +if [ ! -f "{$bandwidthd_htdocs_dir}/legend.gif" ] ; then + /bin/cp {$bandwidthd_base_dir}/htdocs/legend.gif {$bandwidthd_htdocs_dir} +fi +if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then + /bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir} +fi cd {$bandwidthd_nano_dir} {$bandwidthd_nano_dir}/bandwidthd cd - @@ -292,6 +301,16 @@ EOD; if (!file_exists($bandwidthd_index_file)) { exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file); } + + if($output_cdf) { + // Use cron job to rotate logs every day at 00:01 + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); + } + else + { + // Remove the cron job, if it is there + install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false); + } conf_mount_ro(); config_unlock(); stop_service("bandwidthd"); diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index f82ac69d..161280cf 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -96,7 +96,7 @@ <field> <fielddescr>Skip intervals</fielddescr> <fieldname>skipintervals</fieldname> - <description>Number of intervals (2.5 minute) to skip between graphing. Default 0.</description> + <description>Number of intervals to skip between graphing. Default 0. Each interval is 200 seconds = 3 min 20 sec.</description> <type>input</type> </field> <field> 
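Review bot: The two added `/bin/cp` lines in the generated start script interpolate `{$bandwidthd_base_dir}` and `{$bandwidthd_htdocs_dir}` unquoted, while the `[ ! -f "..." ]` tests directly above them quote the same paths. Quoting the cp arguments as well, e.g. `/bin/cp "{$bandwidthd_base_dir}/htdocs/legend.gif" "{$bandwidthd_htdocs_dir}/"`, keeps the script correct if either directory ever contains whitespace or shell metacharacters. Where these variables are set is outside the hunk.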
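Review bot: The scheduled command ``/bin/kill -HUP `cat /var/run/bandwidthd.pid` `` in the `if($output_cdf)` branch trusts whatever the pid file holds at 00:01. If bandwidthd has exited and left a stale file, that PID may have been reused, and the job (which presumably runs as root) would send SIGHUP to an unrelated process. If the file is missing, kill runs without a target and cron reports an error every night. Checking the process name as well as the pid file, for example ``pkill -HUP -F /var/run/bandwidthd.pid bandwidthd``, avoids both cases, and the removal calls would need to use the same string. bandwidthd_install_config() starts and ends outside this hunk.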
@@ -108,19 +108,20 @@ <field> <fielddescr>Promiscuous</fielddescr> <fieldname>promiscuous</fieldname> - <description>Put interface in promiscuous mode to score to traffic that may not be routing through the host machine.</description> + <description>Put interface in promiscuous mode to see traffic that may not be routing through the host machine.<br> + Note: If the interface is connected to a switch then the interface will only see the traffic on its port.</description> <type>checkbox</type> </field> <field> <fielddescr>output_cdf</fielddescr> <fieldname>outputcdf</fieldname> - <description>Log data to cdf file htdocs/log.cdf</description> + <description>Log data to cdf files log*.cdf</description> <type>checkbox</type> </field> <field> <fielddescr>recover_cdf</fielddescr> <fieldname>recovercdf</fieldname> - <description>Read back the cdf file on startup</description> + <description>Read back the cdf files on startup</description> <type>checkbox</type> </field> <field> 
@@ -139,9 +140,24 @@ <field> <fielddescr>Meta Refresh</fielddescr> <fieldname>meta_refresh</fieldname> - <description>Set META REFRESH seconds (default 150, use 0 to disable).</description> + <description>Sets the interval (seconds) at which the browser graph display refreshes (default 150, use 0 to disable).</description> <type>input</type> </field> + <field> + <fielddescr>Graph and Log Info</fielddescr> + <fieldname>graph_log_info</fieldname> + <description>If draw graphs is on, then the daily report and graph html data is regenerated every (skip intervals + 1) * 200 seconds. The data volumes in the report are for the same period as the span of the graph.<br> + If output_cdf is on, then a cron job is added to rotate the log files at 00:01 each day. 6 log files are kept for each log frequency (daily, weekly, monthly, yearly). At the respective rotation intervals, the oldest log is deleted, the others are shuffled back and a new log is created.<br> + <table cellpadding=1 cellspacing=0 style="text-align: left;"> <tbody> + <tr><th> </th><th> Data Interval </th><th> Graph Span </th><th> Log Rotation </th><th> Log File Name </th></tr> + <tr><th> Daily </th><td> 200 seconds </td><td> 2 days </td><td> 1 day </td><td> log.1.[0-5].cdf </td></tr> + <tr><th> Weekly </th><td> 10 minutes </td><td> 7 days </td><td> 7 days </td><td> log.2.[0-5].cdf </td></tr> + <tr><th> Monthly </th><td> 1 hour </td><td> 35 days </td><td> 35 days </td><td> log.3.[0-5].cdf </td></tr> + <tr><th> Yearly </th><td> 12 hours </td><td> 412.5 days </td><td> 412.5 days </td><td> log.4.[0-5].cdf </td></tr> + </tbody> </table> + </description> + <type>info</type> + </field> </fields> <custom_php_resync_config_command> bandwidthd_install_config(); diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index eff2855b..2d1f47fd 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc 
@@ -320,11 +320,11 @@ function bgpd_validate_group() { if ($_POST['name'] == "") $input_errors[] = "You must enter a name."; - $_POST['name'] = remove_bad_chars($_POST['name']); + $_POST['name'] = openbgpd_remove_bad_chars($_POST['name']); } -function remove_bad_chars($string) { +function openbgpd_remove_bad_chars($string) { return preg_replace('/[^a-z|_|0-9]/i','',$string); } @@ -369,4 +369,4 @@ function is_openbgpd_running() { return false; } -?>
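Review bot: The pattern in the renamed `openbgpd_remove_bad_chars()` is `/[^a-z|_|0-9]/i`, and inside a character class `|` is a literal, so pipe characters survive the filter. If the group name is later written into the bgpd configuration or passed to a shell (not visible here), that is one more metacharacter than intended; `'/[^a-z0-9_]/i'` expresses what the pattern appears to mean. In bgpd_validate_group() the cleaned value is assigned back to `$_POST['name']` only after the empty-name check, so a name made up entirely of stripped characters passes validation and ends up empty. That function begins outside the hunk.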
\ No newline at end of file +?> diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml index efa82384..e45baa1a 100644 --- a/config/openbgpd/openbgpd_neighbors.xml +++ b/config/openbgpd/openbgpd_neighbors.xml @@ -100,13 +100,13 @@ <field> <fielddescr>TCP-MD5 key</fielddescr> <fieldname>md5sigkey</fieldname> - <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers.</description> + <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. You need the Local Addr option to be set.</description> <type>input</type> </field> <field> <fielddescr>TCP-MD5 password</fielddescr> <fieldname>md5sigpass</fieldname> - <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router.</description> + <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. You need the Local Addr option to be set.</description> <type>input</type> </field> <field> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c36fc873..27d0b7e5 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -38,11 +38,11 @@ require_once("functions.inc"); require_once("filter.inc"); /* package version */ -$snort_version = "2.9.2.3"; +$snort_version = "2.9.4.1"; $pfSense_snort_version = "2.5.4"; $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; -$snort_rules_file = "snortrules-snapshot-2923.tar.gz"; -$emerging_threats_version = "2.9.3"; +$snort_rules_file = "snortrules-snapshot-2941.tar.gz"; +$emerging_threats_version = "2.9.0"; $flowbit_rules_file = "flowbit-required.rules"; $snort_enforcing_rules_file = "snort.rules"; 
@@ -1855,7 +1855,8 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules) { ***************************************************/ foreach ($active_rules as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - if ($v['disabled'] == 0) + /* If rule is already disabled, skip it. */ + if ($v['disabled'] == 1) continue; foreach ($rule_opts_preprocs as $opt => $preproc) { $pcre = "/\s*\b" . $opt . "/i"; diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc index 89610565..e9bd2814 100644 --- a/config/systempatches/patches.inc +++ b/config/systempatches/patches.inc @@ -29,7 +29,7 @@ require_once("globals.inc"); require_once("util.inc"); -$git_root_url = "http://github.com/bsdperimeter/pfsense/commit/"; +$git_root_url = "http://github.com/pfsense/pfsense/commit/"; $patch_suffix = ".patch"; $patch_dir = "/var/patches"; $patch_cmd = "/usr/bin/patch"; @@ -139,4 +139,4 @@ function is_github_url($url) { $urlbits = explode("/", $url); return (substr($urlbits[2], -10) == "github.com"); } -?>
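Review bot: The corrected guard `if ($v['disabled'] == 1) continue;` is a loose comparison against one specific value. How `disabled` is populated is outside this hunk, so if a rule-map entry can lack the key or carry another truthy marker, `if (!empty($v['disabled'])) continue;` would skip every disabled rule without an undefined-index notice. Because the previous condition skipped all enabled rules, it is worth confirming on a test interface that the filter in snort_filter_preproc_rules() now acts on the enabled set as intended. The function continues beyond the hunk.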
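Review bot: `$git_root_url` still uses `http://` after the organisation rename, and it appears to be the base URL for fetching patches that are then applied with `$patch_cmd`. A patch retrieved over plain HTTP can be altered in transit before it is applied. `$git_root_url = "https://github.com/pfsense/pfsense/commit/";` closes that, provided the fetch code (outside this hunk) verifies the certificate. Related, in this file's last hunk `is_github_url()` compares only the final ten characters of the host with `github.com`, which also accepts other domains ending in those characters; comparing the whole host, or requiring a `.github.com` suffix, would be stricter.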
\ No newline at end of file +?> diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index 260a7300..3dd5e349 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -165,7 +165,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Patch Contents"); ?></td> <td width="78%" class="vtable"> - <textarea name="patch" class="" id="patch" rows="15" cols="70" wrap="off"><?=base64_decode($pconfig['patch']);?></textarea> + <textarea name="patch" class="" id="patch" rows="15" cols="70" wrap="off"><?=htmlspecialchars(base64_decode($pconfig['patch']));?></textarea> <br /> <span class="vexpl"><?=gettext("The contents of the patch. You can paste a patch here, or enter a URL/commit ID above, it can then be fetched into here automatically."); ?></span></td> </tr> <tr> |
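Review bot: The added `htmlspecialchars()` call in the textarea relies on the default flags and charset. On PHP versions where the default charset is UTF-8, a stored patch containing bytes that are not valid UTF-8 makes htmlspecialchars() return an empty string, so the textarea would render empty and saving the form could overwrite the patch. Passing the arguments explicitly, `htmlspecialchars(base64_decode($pconfig['patch']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where ENT_SUBSTITUTE is available, avoids the silent blanking, although substituted bytes would still change the patch on save. Other `$pconfig` fields echoed on this page are outside the hunk and worth checking for the same escaping.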