Diffstat (limited to 'config')
-rw-r--r--config/apache_mod_security-dev/apache_balancer.template4
-rw-r--r--config/apache_mod_security-dev/apache_mod_security.inc2
-rw-r--r--config/bandwidthd/bandwidthd.inc25
-rw-r--r--config/bandwidthd/bandwidthd.xml26
-rw-r--r--config/openbgpd/openbgpd.inc6
-rw-r--r--config/openbgpd/openbgpd_neighbors.xml4
-rwxr-xr-xconfig/snort/snort.inc9
-rw-r--r--config/systempatches/patches.inc4
-rw-r--r--config/systempatches/system_patches_edit.php2
9 files changed, 59 insertions, 23 deletions
diff --git a/config/apache_mod_security-dev/apache_balancer.template b/config/apache_mod_security-dev/apache_balancer.template
index 361a5ed4..06422125 100644
--- a/config/apache_mod_security-dev/apache_balancer.template
+++ b/config/apache_mod_security-dev/apache_balancer.template
@@ -6,7 +6,7 @@ $balancer_config= <<<EOF
# then edit /usr/local/pkg/apache_* files. #
# #
# And don't forget to submit your changes to: #
-# https://github.com/bsdperimeter/pfsense-packages #
+# https://github.com/pfsense/pfsense-packages #
##################################################################################
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
@@ -37,4 +37,4 @@ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_
EOF;
-?> \ No newline at end of file
+?>
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index cdee4f6b..57f5407b 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -321,7 +321,7 @@ function generate_apache_configuration() {
# then edit /usr/local/pkg/apache_* files. #
# #
# And don't forget to submit your changes to: #
-# https://github.com/bsdperimeter/pfsense-packages #
+# https://github.com/pfsense/pfsense-packages #
##################################################################################
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc
index 8821ac76..4e0107eb 100644
--- a/config/bandwidthd/bandwidthd.inc
+++ b/config/bandwidthd/bandwidthd.inc
@@ -46,6 +46,8 @@ function bandwidthd_install_deinstall() {
exec("rm -f /usr/local/etc/rc.d/bandwidthd*");
exec("rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs");
exec("rm -f /usr/local/www/bandwidthd");
+ // Remove the cron job, if it is there
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
conf_mount_ro();
config_unlock();
}
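Review bot: The `/bin/kill -HUP` cron command added here is a string literal that is repeated verbatim in the two `install_cron_job()` calls added to `bandwidthd_install_config()` later in this file. Removal presumably works by matching the command text, so any later edit to one copy would leave a stale root cron entry behind after deinstall. The file already uses a constant for `PKG_BANDWIDTHD_BASE`; defining the command once, for example `define('PKG_BANDWIDTHD_CRON_CMD', ...)`, and passing that constant at all three call sites would keep install and removal in step. The start of `bandwidthd_install_deinstall()` is outside this hunk.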
@@ -79,7 +81,9 @@ function bandwidthd_install_config() {
$recover_cdf = "recover_cdf true\n";
$output_cdf = $config['installedpackages']['bandwidthd']['config'][0]['outputcdf'];
if($output_cdf)
- $output_cdf = "output_cdf true\n";
+ $output_cdf_string = "output_cdf true\n";
+ else
+ $output_cdf_string = "";
$promiscuous = $config['installedpackages']['bandwidthd']['config'][0]['promiscuous'];
if($promiscuous)
$promiscuous = "promiscuous true\n";
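Review bot: The reason for the new `$output_cdf_string` variable is not stated next to the brace-less `if`/`else`, and the `$promiscuous` block just below still overwrites its flag with the config text, so the two neighbouring blocks now follow different patterns. A one-line comment such as `// keep $output_cdf as the raw flag; it is tested again when the cron job is installed` would stop a later clean-up from merging the variables back together. Adding braces to both branches would also match the braced `if`/`else` this commit adds further down. The function continues outside this hunk.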
@@ -180,7 +184,7 @@ $graph_cutoff
$promiscuous
#Log data to cdf file htdocs/log.cdf
-$output_cdf
+$output_cdf_string
#Read back the cdf file on startup
$recover_cdf
@@ -252,7 +256,12 @@ if [ ! -L "{$bandwidthd_nano_dir}/etc" ] ; then
fi
/bin/ln -s {$bandwidthd_config_dir} {$bandwidthd_nano_dir}/etc
fi
-
+if [ ! -f "{$bandwidthd_htdocs_dir}/legend.gif" ] ; then
+ /bin/cp {$bandwidthd_base_dir}/htdocs/legend.gif {$bandwidthd_htdocs_dir}
+fi
+if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then
+ /bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir}
+fi
cd {$bandwidthd_nano_dir}
{$bandwidthd_nano_dir}/bandwidthd
cd -
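Review bot: The two `/bin/cp` lines pass `{$bandwidthd_base_dir}` and `{$bandwidthd_htdocs_dir}` unquoted, while the `[ ! -f "…" ]` tests directly above them quote the same paths. If either directory ever contains whitespace or a glob character, the test and the copy would act on different names; quote the copy arguments the same way, e.g. `/bin/cp "{$bandwidthd_base_dir}/htdocs/legend.gif" "{$bandwidthd_htdocs_dir}/"`. A failed copy is also silent here, so a missing source image only shows up later as a broken graph page. The surrounding heredoc starts outside this hunk.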
@@ -292,6 +301,16 @@ EOD;
if (!file_exists($bandwidthd_index_file)) {
exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file);
}
+
+ if($output_cdf) {
+ // Use cron job to rotate logs every day at 00:01
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0");
+ }
+ else
+ {
+ // Remove the cron job, if it is there
+ install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
+ }
conf_mount_ro();
config_unlock();
stop_service("bandwidthd");
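Review bot: The cron entry installed here signals whatever PID is stored in `/var/run/bandwidthd.pid` without checking that the file exists or that the PID still belongs to bandwidthd. With the daemon stopped, the backtick expands to nothing and `kill` fails every night; with a stale pid file, the HUP goes to whichever process has reused that number, presumably as root. Constraining the signal to the daemon avoids both cases, for instance `pkill -HUP -F /var/run/bandwidthd.pid bandwidthd`, or at least guarding with `[ -f /var/run/bandwidthd.pid ] &&`. The `else` / `{` split also differs from the brace style used elsewhere in this file. The function body continues outside this hunk.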
diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml
index f82ac69d..161280cf 100644
--- a/config/bandwidthd/bandwidthd.xml
+++ b/config/bandwidthd/bandwidthd.xml
@@ -96,7 +96,7 @@
<field>
<fielddescr>Skip intervals</fielddescr>
<fieldname>skipintervals</fieldname>
- <description>Number of intervals (2.5 minute) to skip between graphing. Default 0.</description>
+ <description>Number of intervals to skip between graphing. Default 0. Each interval is 200 seconds = 3 min 20 sec.</description>
<type>input</type>
</field>
<field>
@@ -108,19 +108,20 @@
<field>
<fielddescr>Promiscuous</fielddescr>
<fieldname>promiscuous</fieldname>
- <description>Put interface in promiscuous mode to score to traffic that may not be routing through the host machine.</description>
+ <description>Put interface in promiscuous mode to see traffic that may not be routing through the host machine.&lt;br&gt;
+ Note: If the interface is connected to a switch then the interface will only see the traffic on its port.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>output_cdf</fielddescr>
<fieldname>outputcdf</fieldname>
- <description>Log data to cdf file htdocs/log.cdf</description>
+ <description>Log data to cdf files log*.cdf</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>recover_cdf</fielddescr>
<fieldname>recovercdf</fieldname>
- <description>Read back the cdf file on startup</description>
+ <description>Read back the cdf files on startup</description>
<type>checkbox</type>
</field>
<field>
@@ -139,9 +140,24 @@
<field>
<fielddescr>Meta Refresh</fielddescr>
<fieldname>meta_refresh</fieldname>
- <description>Set META REFRESH seconds (default 150, use 0 to disable).</description>
+ <description>Sets the interval (seconds) at which the browser graph display refreshes (default 150, use 0 to disable).</description>
<type>input</type>
</field>
+ <field>
+ <fielddescr>Graph and Log Info</fielddescr>
+ <fieldname>graph_log_info</fieldname>
+ <description>If draw graphs is on, then the daily report and graph html data is regenerated every (skip intervals + 1) * 200 seconds. The data volumes in the report are for the same period as the span of the graph.&lt;br&gt;
+ If output_cdf is on, then a cron job is added to rotate the log files at 00:01 each day. 6 log files are kept for each log frequency (daily, weekly, monthly, yearly). At the respective rotation intervals, the oldest log is deleted, the others are shuffled back and a new log is created.&lt;br&gt;
+ &lt;table cellpadding=1 cellspacing=0 style=&quot;text-align: left;&quot;&gt; &lt;tbody&gt;
+ &lt;tr&gt;&lt;th&gt; &lt;/th&gt;&lt;th&gt; Data Interval &lt;/th&gt;&lt;th&gt; Graph Span &lt;/th&gt;&lt;th&gt; Log Rotation &lt;/th&gt;&lt;th&gt; Log File Name &lt;/th&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Daily &lt;/th&gt;&lt;td&gt; 200 seconds &lt;/td&gt;&lt;td&gt; 2 days &lt;/td&gt;&lt;td&gt; 1 day &lt;/td&gt;&lt;td&gt; log.1.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Weekly &lt;/th&gt;&lt;td&gt; 10 minutes &lt;/td&gt;&lt;td&gt; 7 days &lt;/td&gt;&lt;td&gt; 7 days &lt;/td&gt;&lt;td&gt; log.2.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Monthly &lt;/th&gt;&lt;td&gt; 1 hour &lt;/td&gt;&lt;td&gt; 35 days &lt;/td&gt;&lt;td&gt; 35 days &lt;/td&gt;&lt;td&gt; log.3.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;tr&gt;&lt;th&gt; Yearly &lt;/th&gt;&lt;td&gt; 12 hours &lt;/td&gt;&lt;td&gt; 412.5 days &lt;/td&gt;&lt;td&gt; 412.5 days &lt;/td&gt;&lt;td&gt; log.4.[0-5].cdf &lt;/td&gt;&lt;/tr&gt;
+ &lt;/tbody&gt; &lt;/table&gt;
+ </description>
+ <type>info</type>
+ </field>
</fields>
<custom_php_resync_config_command>
bandwidthd_install_config();
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index eff2855b..2d1f47fd 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -320,11 +320,11 @@ function bgpd_validate_group() {
if ($_POST['name'] == "")
$input_errors[] = "You must enter a name.";
- $_POST['name'] = remove_bad_chars($_POST['name']);
+ $_POST['name'] = openbgpd_remove_bad_chars($_POST['name']);
}
-function remove_bad_chars($string) {
+function openbgpd_remove_bad_chars($string) {
return preg_replace('/[^a-z|_|0-9]/i','',$string);
}
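Review bot: The character class in `openbgpd_remove_bad_chars()` is `[^a-z|_|0-9]`, where `|` is a literal rather than alternation, so pipe characters survive the filter; `'/[^a-z_0-9]/i'` matches what the function name promises. In `bgpd_validate_group()` the empty-name check also runs before the sanitising call. A name made up only of rejected characters therefore passes validation and is then reduced to an empty string. Moving the `openbgpd_remove_bad_chars()` call above the `== ""` test closes that gap. The start of `bgpd_validate_group()` is outside this hunk.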
@@ -369,4 +369,4 @@ function is_openbgpd_running() {
return false;
}
-?> \ No newline at end of file
+?>
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index efa82384..e45baa1a 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -100,13 +100,13 @@
<field>
<fielddescr>TCP-MD5 key</fielddescr>
<fieldname>md5sigkey</fieldname>
- <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers.</description>
+ <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. You need the Local Addr option to be set.</description>
<type>input</type>
</field>
<field>
<fielddescr>TCP-MD5 password</fielddescr>
<fieldname>md5sigpass</fieldname>
- <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router.</description>
+ <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. You need the Local Addr option to be set.</description>
<type>input</type>
</field>
<field>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index c36fc873..27d0b7e5 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -38,11 +38,11 @@ require_once("functions.inc");
require_once("filter.inc");
/* package version */
-$snort_version = "2.9.2.3";
+$snort_version = "2.9.4.1";
$pfSense_snort_version = "2.5.4";
$snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}";
-$snort_rules_file = "snortrules-snapshot-2923.tar.gz";
-$emerging_threats_version = "2.9.3";
+$snort_rules_file = "snortrules-snapshot-2941.tar.gz";
+$emerging_threats_version = "2.9.0";
$flowbit_rules_file = "flowbit-required.rules";
$snort_enforcing_rules_file = "snort.rules";
@@ -1855,7 +1855,8 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules) {
***************************************************/
foreach ($active_rules as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
- if ($v['disabled'] == 0)
+ /* If rule is already disabled, skip it. */
+ if ($v['disabled'] == 1)
continue;
foreach ($rule_opts_preprocs as $opt => $preproc) {
$pcre = "/\s*\b" . $opt . "/i";
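Review bot: The pattern on the last line is built by concatenating `$opt` straight into a regex, and it is rebuilt for every rule inside the two outer loops. `$rule_opts_preprocs` is defined outside this hunk; if its keys are fixed option names this is harmless, but `preg_quote($opt, '/')` would keep a key containing a metacharacter from changing which rules get matched and disabled. Building the patterns once before the `foreach ($active_rules …)` loop would also avoid repeating the work per rule. Separately, `$v['disabled'] == 1` is a loose comparison against a field whose origin is not visible here, so a comment stating the values it can hold would help the next reader.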
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 89610565..e9bd2814 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -29,7 +29,7 @@
require_once("globals.inc");
require_once("util.inc");
-$git_root_url = "http://github.com/bsdperimeter/pfsense/commit/";
+$git_root_url = "http://github.com/pfsense/pfsense/commit/";
$patch_suffix = ".patch";
$patch_dir = "/var/patches";
$patch_cmd = "/usr/bin/patch";
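Review bot: `$git_root_url` still uses `http://` although this line is being edited anyway, and the constants below it suggest the fetched content is handed to `/usr/bin/patch`. If so, anyone on the network path can alter a patch before it is applied to the firewall; `$git_root_url = "https://github.com/pfsense/pfsense/commit/";` removes that exposure, assuming the fetch code (not visible here) verifies certificates. The same applies to `is_github_url()` in the next hunk of this file, which compares only the last ten characters of the host. Any host that merely ends in `github.com` is accepted there; an exact match or a check for a leading `.github.com` would be stricter.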
@@ -139,4 +139,4 @@ function is_github_url($url) {
$urlbits = explode("/", $url);
return (substr($urlbits[2], -10) == "github.com");
}
-?> \ No newline at end of file
+?>
diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php
index 260a7300..3dd5e349 100644
--- a/config/systempatches/system_patches_edit.php
+++ b/config/systempatches/system_patches_edit.php
@@ -165,7 +165,7 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Patch Contents"); ?></td>
<td width="78%" class="vtable">
- <textarea name="patch" class="" id="patch" rows="15" cols="70" wrap="off"><?=base64_decode($pconfig['patch']);?></textarea>
+ <textarea name="patch" class="" id="patch" rows="15" cols="70" wrap="off"><?=htmlspecialchars(base64_decode($pconfig['patch']));?></textarea>
<br /> <span class="vexpl"><?=gettext("The contents of the patch. You can paste a patch here, or enter a URL/commit ID above, it can then be fetched into here automatically."); ?></span></td>
</tr>
<tr>
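Review bot: The new `htmlspecialchars()` call relies on default flags and charset, which is enough to escape textarea content but behaves differently across PHP versions. Where the default charset is UTF-8, input containing invalid byte sequences makes it return an empty string, so a patch with non-UTF-8 bytes would show as a blank textarea and be lost on save. Passing the arguments explicitly, e.g. `htmlspecialchars(base64_decode($pconfig['patch']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on PHP 5.4 or later, avoids that. Other `$pconfig` values echoed elsewhere in this form are outside the hunk and worth checking for the same missing escaping.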