Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
5cc1515b
Commit
5cc1515b
authored
Nov 25, 2016
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
firmware: add audit feature, @jschellevis will like this...
parent
dd80bded
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
94 additions
and
5 deletions
+94
-5
plist
plist
+1
-0
FirmwareController.php
.../app/controllers/OPNsense/Core/Api/FirmwareController.php
+20
-0
firmware.volt
src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
+32
-5
audit.sh
src/opnsense/scripts/firmware/audit.sh
+34
-0
launcher.sh
src/opnsense/scripts/firmware/launcher.sh
+1
-0
actions_firmware.conf
src/opnsense/service/conf/actions.d/actions_firmware.conf
+6
-0
No files found.
plist
View file @
5cc1515b
...
@@ -551,6 +551,7 @@
...
@@ -551,6 +551,7 @@
/usr/local/opnsense/scripts/filter/list_table.py
/usr/local/opnsense/scripts/filter/list_table.py
/usr/local/opnsense/scripts/filter/list_tables.py
/usr/local/opnsense/scripts/filter/list_tables.py
/usr/local/opnsense/scripts/filter/pfinfo.py
/usr/local/opnsense/scripts/filter/pfinfo.py
/usr/local/opnsense/scripts/firmware/audit.sh
/usr/local/opnsense/scripts/firmware/changelog.sh
/usr/local/opnsense/scripts/firmware/changelog.sh
/usr/local/opnsense/scripts/firmware/check.sh
/usr/local/opnsense/scripts/firmware/check.sh
/usr/local/opnsense/scripts/firmware/hotfix.sh
/usr/local/opnsense/scripts/firmware/hotfix.sh
...
...
src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php
View file @
5cc1515b
...
@@ -273,6 +273,26 @@ class FirmwareController extends ApiControllerBase
...
@@ -273,6 +273,26 @@ class FirmwareController extends ApiControllerBase
return
$response
;
return
$response
;
}
}
/**
* run a security audit
* @return array status
* @throws \Exception
*/
public
function
auditAction
()
{
$backend
=
new
Backend
();
$response
=
array
();
if
(
$this
->
request
->
isPost
())
{
$response
[
'status'
]
=
'ok'
;
$response
[
'msg_uuid'
]
=
trim
(
$backend
->
configdRun
(
"firmware audit"
,
true
));
}
else
{
$response
[
'status'
]
=
'failure'
;
}
return
$response
;
}
/**
/**
* reinstall package
* reinstall package
* @param string $pkg_name package name to reinstall
* @param string $pkg_name package name to reinstall
...
...
src/opnsense/mvc/app/views/OPNsense/Core/firmware.volt
View file @
5cc1515b
...
@@ -63,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -63,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE.
// unhide upgrade button
// unhide upgrade button
$("#upgrade").attr("style","");
$("#upgrade").attr("style","");
$("#audit").attr("style","display:none");
// show upgrade list
// show upgrade list
$('#update_status').hide();
$('#update_status').hide();
...
@@ -91,6 +92,7 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -91,6 +92,7 @@ POSSIBILITY OF SUCH DAMAGE.
packagesInfo(false);
packagesInfo(false);
} else {
} else {
$("#upgrade").attr("style","display:none");
$("#upgrade").attr("style","display:none");
$("#audit").attr("style","");
// update list so plugins sync as well (all)
// update list so plugins sync as well (all)
packagesInfo(true);
packagesInfo(true);
...
@@ -106,6 +108,7 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -106,6 +108,7 @@ POSSIBILITY OF SUCH DAMAGE.
$('#update_status').show();
$('#update_status').show();
$('#updatetab > a').tab('show');
$('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Upgrading...') }}");
$('#updatestatus').html("{{ lang._('Upgrading...') }}");
$("#audit").attr("style","display:none");
$("#upgrade").attr("style","");
$("#upgrade").attr("style","");
$("#upgrade_progress").addClass("fa fa-spinner fa-pulse");
$("#upgrade_progress").addClass("fa fa-spinner fa-pulse");
...
@@ -115,6 +118,24 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -115,6 +118,24 @@ POSSIBILITY OF SUCH DAMAGE.
});
});
}
}
/**
* perform audit, install poller to update status
*/
function audit() {
$.upgrade_action = 'audit';
$('#updatelist').hide();
$('#update_status').show();
$('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Auditing...') }}");
$("#audit").attr("style","");
$("#audit_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall('/api/core/firmware/audit', {}, function () {
$('#updatelist').empty();
setTimeout(trackStatus, 500);
});
}
/**
/**
* read license from backend
* read license from backend
*/
*/
...
@@ -218,9 +239,9 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -218,9 +239,9 @@ POSSIBILITY OF SUCH DAMAGE.
}
}
/**
/**
* handle
updat
e status
* handle
check/audit/upgrad
e status
*/
*/
function trackStatus(){
function trackStatus()
{
ajaxGet('/api/core/firmware/upgradestatus',{},function(data, status) {
ajaxGet('/api/core/firmware/upgradestatus',{},function(data, status) {
if (data['log'] != undefined) {
if (data['log'] != undefined) {
$('#update_status').html(data['log']);
$('#update_status').html(data['log']);
...
@@ -228,12 +249,16 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -228,12 +249,16 @@ POSSIBILITY OF SUCH DAMAGE.
}
}
if (data['status'] == 'done') {
if (data['status'] == 'done') {
$("#upgrade_progress").removeClass("fa fa-spinner fa-pulse");
$("#upgrade_progress").removeClass("fa fa-spinner fa-pulse");
if ($.upgrade_action != 'pkg') {
$("#audit_progress").removeClass("fa fa-spinner fa-pulse");
$('#updatestatus').html("{{ lang._('Upgrade done!') }}");
if ($.upgrade_action == 'pkg') {
} else {
$('#updatestatus').html("{{ lang._('Package manager update done. Please check for more updates.') }}");
$('#updatestatus').html("{{ lang._('Package manager update done. Please check for more updates.') }}");
} else if ($.upgrade_action == 'audit') {
$('#updatestatus').html("{{ lang._('Audit done.') }}");
} else {
$('#updatestatus').html("{{ lang._('Upgrade done.') }}");
}
}
$("#upgrade").attr("style","display:none");
$("#upgrade").attr("style","display:none");
$("#audit").attr("style","");
packagesInfo(true);
packagesInfo(true);
} else if (data['status'] == 'reboot') {
} else if (data['status'] == 'reboot') {
BootstrapDialog.show({
BootstrapDialog.show({
...
@@ -418,6 +443,7 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -418,6 +443,7 @@ POSSIBILITY OF SUCH DAMAGE.
// link event handlers
// link event handlers
$('#checkupdate').click(updateStatus);
$('#checkupdate').click(updateStatus);
$('#upgrade').click(upgrade_ui);
$('#upgrade').click(upgrade_ui);
$('#audit').click(audit);
// show upgrade message if there
// show upgrade message if there
if ($('#message').html() != '') {
if ($('#message').html() != '') {
$('#message').attr('style', '');
$('#message').attr('style', '');
...
@@ -550,6 +576,7 @@ POSSIBILITY OF SUCH DAMAGE.
...
@@ -550,6 +576,7 @@ POSSIBILITY OF SUCH DAMAGE.
<div id="message" style="display:none" class="alert alert-warning" role="alert"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div>
<div id="message" style="display:none" class="alert alert-warning" role="alert"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div>
<div class="alert alert-info" role="alert" style="min-height: 65px;">
<div class="alert alert-info" role="alert" style="min-height: 65px;">
<button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Upgrade now') }}</button>
<button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Upgrade now') }}</button>
<button class='btn btn-primary pull-right' id="audit"><i id="audit_progress" class=""></i> {{ lang._('Audit now') }}</button>
<button class='btn btn-default pull-right' id="checkupdate" style="margin-right: 8px;"><i id="checkupdate_progress" class=""></i> {{ lang._('Check for updates')}}</button>
<button class='btn btn-default pull-right' id="checkupdate" style="margin-right: 8px;"><i id="checkupdate_progress" class=""></i> {{ lang._('Check for updates')}}</button>
<div style="margin-top: 8px;" id="updatestatus">{{ lang._('Click to check for updates.')}}</div>
<div style="margin-top: 8px;" id="updatestatus">{{ lang._('Click to check for updates.')}}</div>
</div>
</div>
...
...
src/opnsense/scripts/firmware/audit.sh
0 → 100755
View file @
5cc1515b
#!/bin/sh
# Copyright (C) 2016 Franco Fichtner <franco@opnsense.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
PKG_PROGRESS_FILE
=
/tmp/pkg_upgrade.progress
# Truncate upgrade progress file
:
>
${
PKG_PROGRESS_FILE
}
echo
"***GOT REQUEST TO AUDIT"
>>
${
PKG_PROGRESS_FILE
}
pkg audit
-F
>>
${
PKG_PROGRESS_FILE
}
2>&1
echo
'***DONE***'
>>
${
PKG_PROGRESS_FILE
}
src/opnsense/scripts/firmware/launcher.sh
View file @
5cc1515b
...
@@ -28,6 +28,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware"
...
@@ -28,6 +28,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware"
LOCKFILE
=
"/tmp/pkg_upgrade.progress"
LOCKFILE
=
"/tmp/pkg_upgrade.progress"
FLOCK
=
"/usr/local/bin/flock -n -o"
FLOCK
=
"/usr/local/bin/flock -n -o"
COMMANDS
=
"
COMMANDS
=
"
audit
hotfix
hotfix
install
install
lock
lock
...
...
src/opnsense/service/conf/actions.d/actions_firmware.conf
View file @
5cc1515b
...
@@ -35,6 +35,12 @@ parameters:%s
...
@@ -35,6 +35,12 @@ parameters:%s
type
:
script_output
type
:
script_output
message
:
Viewing
license
for
%
s
message
:
Viewing
license
for
%
s
[
audit
]
command
:/
usr
/
sbin
/
daemon
-
f
/
usr
/
local
/
opnsense
/
scripts
/
firmware
/
launcher
.
sh
audit
parameters
:
type
:
script
message
:
Retrieving
vulnerability
report
[
running
]
[
running
]
command
:/
usr
/
local
/
opnsense
/
scripts
/
firmware
/
running
.
sh
command
:/
usr
/
local
/
opnsense
/
scripts
/
firmware
/
running
.
sh
parameters
:
parameters
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment