From 95eb4bc2b9c2c68c151860d6eb19433f0c0d7d56 Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Fri, 7 Feb 2020 17:59:25 +0100 Subject: [PATCH 01/20] DOC: Update INSTALL.md * Add Debian, Ubuntu and OpenSuse distribution names, which are obviously supported later in the document. --- docs/INSTALL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 40d60f4..d215bc8 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -28,9 +28,9 @@ The following instructions assume the following requirements: * a supported operating system Supported and recommended operating systems are: -* Debian 8 -* OpenSUSE Leap 42.2 -* Ubuntu: 14.04 and 16.04 LTS +* Debian 8, 9, 10 +* OpenSUSE Leap 42.2, 15 +* Ubuntu: 14.04, 16.04, 18.04 LTS Partly supported are: * RHEL 7 From 0683fb8925ea6259bdc10c598548d6e7fc45c09f Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Mon, 16 Mar 2020 12:22:38 +0100 Subject: [PATCH 02/20] MAINT: start 2.2.0 development --- CHANGELOG.md | 26 ++++++++++++++++++++++++++ NEWS.md | 4 ++++ intelmq-manager/php/config.php | 2 +- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8c14b6..a458149 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,32 @@ CHANGELOG ========= +2.2.0 (unreleased) +------------------ + +### Backend + +### Pages + +#### Landing page + +#### Configuration + +#### Management + +#### Monitor + +#### Check + +### Documentation + +### Third-party libraries + +### Packaging + +### Known issues + + 2.1.1 (unreleased) ------------------ diff --git a/NEWS.md b/NEWS.md index 98cd9c6..720af4b 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,10 @@ NEWS See the changelog for a full list of changes. +2.2.0 (unreleased) +------------------ + + 2.1.0 (2019-10-15) ------------------ The environment variable name was corrected from `INTELMQ_MANGER_CONTROLER_CMD` to `INTELMQ_MANGER_CONTROLLER_CMD` you might need to adapt your configuration. diff --git a/intelmq-manager/php/config.php b/intelmq-manager/php/config.php index b3ca3cb..0940316 100644 --- a/intelmq-manager/php/config.php +++ b/intelmq-manager/php/config.php @@ -22,7 +22,7 @@ $BOT_CONFIGS_REJECT_REGEX = '/[^[:print:]\n\r\t]/'; $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.1.0"; + $VERSION = "2.2.0a1"; $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. $FILESIZE_THRESHOLD = 2000; // config files under this size gets loaded automatically; otherwise a link is generated From 6338e4d1772c5484f451c05926770539476e078d Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Mon, 16 Mar 2020 16:46:19 +0100 Subject: [PATCH 03/20] ENH: about: show debug output --- CHANGELOG.md | 4 ++++ NEWS.md | 1 + intelmq-manager/js/about.js | 31 ++++++++++++++++++++++++++++ intelmq-manager/php/controller.php | 2 ++ intelmq-manager/templates/about.html | 8 ++++++- 5 files changed, 45 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80e192b..87fb0f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ CHANGELOG 2.2.0 (unreleased) ------------------ +This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Backend @@ -19,6 +20,9 @@ CHANGELOG #### Check +#### About +- Show output of `intelmqctl debug`. + ### Documentation ### Third-party libraries diff --git a/NEWS.md b/NEWS.md index 720af4b..1889c46 100644 --- a/NEWS.md +++ b/NEWS.md @@ -5,6 +5,7 @@ See the changelog for a full list of changes. 2.2.0 (unreleased) ------------------ +This IntelMQ Manager version requires IntelMQ >= 2.2.0. 2.1.0 (2019-10-15) diff --git a/intelmq-manager/js/about.js b/intelmq-manager/js/about.js index a3c2119..51e6c2e 100644 --- a/intelmq-manager/js/about.js +++ b/intelmq-manager/js/about.js @@ -13,5 +13,36 @@ function get_versions() { alert('error getting version'); }); } +function get_debug() { + var section_element = document.getElementById('debugging'); + + $.getJSON(MANAGEMENT_SCRIPT + '?scope=debug') + .done(function (data) { + for (const section in data) { + section_heading = document.createElement("h3"); + section_heading.innerHTML = section; + section_element.appendChild(section_heading); + table = document.createElement("table"); + tbody = document.createElement("table"); + + for (const element of data[section]) { + row = tbody.insertRow(-1); + cell0 = row.insertCell(0); + cell0.innerHTML = "
" + element[0] + "
"; + cell1 = row.insertCell(1); + cell1.innerHTML = "
" + element[1] + "
"; + } + table.appendChild(tbody); + section_element.appendChild(table); + } + $('#debugging-heading').removeClass('waiting'); + }) + .fail(function (jqxhr, textStatus, error) { + var err = textStatus + ", " + error; + console.error( "Request Failed: " + err ); + alert('Error getting debugging information. Do you have IntelMQ >= 2.2.0?'); + }); +} get_versions(); +get_debug(); diff --git a/intelmq-manager/php/controller.php b/intelmq-manager/php/controller.php index dcbfa3f..47578c2 100644 --- a/intelmq-manager/php/controller.php +++ b/intelmq-manager/php/controller.php @@ -121,6 +121,8 @@ default: break; } +} else if ($scope == 'debug') { + $arguments = 'debug'; } else { die('Invalid scope'); } diff --git a/intelmq-manager/templates/about.html b/intelmq-manager/templates/about.html index bf51dfa..e101e85 100644 --- a/intelmq-manager/templates/about.html +++ b/intelmq-manager/templates/about.html @@ -50,4 +50,10 @@

Version

- \ No newline at end of file +
+
 
+
+

Debugging

+
+
+ From b8733682b86ddb0a7a67681c7df21c42bae9605c Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Mon, 16 Mar 2020 16:46:35 +0100 Subject: [PATCH 04/20] BUG: get paths from intelmqctl debug fixes certtools/intelmq-manager#193 --- CHANGELOG.md | 1 + NEWS.md | 3 +++ intelmq-manager/php/config.php | 42 +++++++++++++++++++++++++--------- 3 files changed, 35 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87fb0f2..d32fc02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ CHANGELOG This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Backend +- `config`: Get file paths from `intelmctl debug --get-paths` if possible and fall back to hard-coded paths otherwise. Thereby environment variables influencing the paths are respected. ### Pages diff --git a/NEWS.md b/NEWS.md index 1889c46..63f7f67 100644 --- a/NEWS.md +++ b/NEWS.md @@ -7,6 +7,9 @@ See the changelog for a full list of changes. ------------------ This IntelMQ Manager version requires IntelMQ >= 2.2.0. +### Paths +The paths for configuration files is not queried from the IntelMQ Core. +The environment variables `INTELMQ_ROOT_DIR` and `INTELMQ_PATHS_NO_OPT`/`INTELMQ_PATHS_OPT` are now respected. 2.1.0 (2019-10-15) ------------------ diff --git a/intelmq-manager/php/config.php b/intelmq-manager/php/config.php index 0940316..aa6596e 100644 --- a/intelmq-manager/php/config.php +++ b/intelmq-manager/php/config.php @@ -1,16 +1,6 @@ '/opt/intelmq/etc/BOTS', - 'defaults' => '/opt/intelmq/etc/defaults.conf', - 'harmonization' => '/opt/intelmq/etc/harmonization.conf', - 'pipeline' => '/opt/intelmq/etc/pipeline.conf', - 'runtime' => '/opt/intelmq/etc/runtime.conf', - 'system' => '/opt/intelmq/etc/system.conf', - 'positions' => '/opt/intelmq/etc/manager/positions.conf', - ); if(!($c = getenv("INTELMQ_MANGER_CONTROLLER_CMD"))) { - $c = "sudo -u intelmq /usr/local/bin/intelmqctl"; + $c = "sudo -u intelmq /usr/bin/intelmqctl"; } // to be displayed so that user can replicate @@ -26,4 +16,34 @@ $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. $FILESIZE_THRESHOLD = 2000; // config files under this size gets loaded automatically; otherwise a link is generated + + $FILES = array( + 'bots' => '/opt/intelmq/etc/BOTS', + 'defaults' => '/opt/intelmq/etc/defaults.conf', + 'harmonization' => '/opt/intelmq/etc/harmonization.conf', + 'pipeline' => '/opt/intelmq/etc/pipeline.conf', + 'runtime' => '/opt/intelmq/etc/runtime.conf', + 'system' => '/opt/intelmq/etc/system.conf', + 'positions' => '/opt/intelmq/etc/manager/positions.conf', + ); + # get paths from intelmqctl directly if it works + $proc = proc_open($c . "--type json debug --get-paths", [ + 1 => ['pipe','w'], + 2 => ['pipe','w'], + ], $pipes); + $paths_stdout = stream_get_contents($pipes[1]); + fclose($pipes[1]); + $paths_stderr = stream_get_contents($pipes[2]); + fclose($pipes[2]); + $paths_status = proc_close($proc); + if ($paths_status == 0) { + $paths_output = json_decode($paths_stdout); + $FILES['bots'] = $output['BOTS_FILE']; + $FILES['defaults'] = $output['DEFAULTS_CONF_FILE']; + $FILES['harmonization'] = $output['HARMONIZATION_CONF_FILE']; + $FILES['pipeline'] = $output['PIPELINE_CONF_FILE']; + $FILES['runtime'] = $output['RUNTIME_CONF_FILE']; + $FILES['system'] = $output['SYSTEM_CONF_FILE']; + $FILES['positions'] = $output['CONFIG_DIR'] . "/manager/positions.conf"; + } ?> From ba01cc4469eb397c0d44285ec65e28a4ac3473a3 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Mon, 16 Mar 2020 18:30:38 +0100 Subject: [PATCH 05/20] PKG: update debian changelog to current dev version --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 6fe7200..2b11aba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +intelmq-manager (2.2.0~alpha1-1) unstable; urgency=medium + + * Update to 2.2.0 alpha 1. + + -- Sebastian Wagner Mon, 16 Mar 2020 16:55:47 +0100 + intelmq-manager (2.1.0-1) stable; urgency=medium * Update to version 2.1.0 From 3a736f9d90fbab5a2966996e0b39381ca86eee81 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Mon, 16 Mar 2020 18:31:23 +0100 Subject: [PATCH 06/20] PKG: update fix-paths patch --- debian/patches/fix-paths.patch | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/debian/patches/fix-paths.patch b/debian/patches/fix-paths.patch index 1ff5aab..d8f9045 100644 --- a/debian/patches/fix-paths.patch +++ b/debian/patches/fix-paths.patch @@ -1,12 +1,20 @@ Description: Fix paths for LSB Author: Sebastian Wagner -Last-Update: 2019-10-15 +Last-Update: 2020-03-16 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/intelmq-manager/php/config.php 2019-10-15 11:37:08.919388631 +0200 -+++ b/intelmq-manager/php/config.php 2019-10-15 11:48:37.518199337 +0200 -@@ -1,16 +1,16 @@ +--- intelmq-manager/php/config.php 2020-03-16 16:50:54.716712759 +0100 ++++ intelmq-manager/php/config.php 2020-03-16 16:52:00.812537251 +0100 +@@ -1,6 +1,6 @@ '/opt/intelmq/etc/BOTS', @@ -24,9 +32,5 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ + 'system' => '/etc/intelmq/system.conf', + 'positions' => '/etc/intelmq/manager/positions.conf', ); - if(!($c = getenv("INTELMQ_MANGER_CONTROLLER_CMD"))) { -- $c = "sudo -u intelmq /usr/local/bin/intelmqctl"; -+ $c = "sudo -u intelmq /usr/bin/intelmqctl"; - } - - // to be displayed so that user can replicate + # get paths from intelmqctl directly if it works + $proc = proc_open($c . "--type json debug --get-paths", [ From 159bef27ad1e4c69880e52d77284da6515866de7 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Thu, 19 Mar 2020 14:35:30 +0100 Subject: [PATCH 07/20] DOC: changelog: add issue number --- CHANGELOG.md | 2 +- intelmq-manager/php/config.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d32fc02..f7b8573 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ CHANGELOG This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Backend -- `config`: Get file paths from `intelmctl debug --get-paths` if possible and fall back to hard-coded paths otherwise. Thereby environment variables influencing the paths are respected. +- `config`: Get file paths from `intelmctl debug --get-paths` if possible and fall back to hard-coded paths otherwise. Thereby environment variables influencing the paths are respected (#193). ### Pages diff --git a/intelmq-manager/php/config.php b/intelmq-manager/php/config.php index aa6596e..9ece105 100644 --- a/intelmq-manager/php/config.php +++ b/intelmq-manager/php/config.php @@ -1,6 +1,6 @@ Date: Mon, 27 Apr 2020 16:06:34 +0200 Subject: [PATCH 08/20] swap CONTROLLER_CMD --- intelmq-manager/template.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/intelmq-manager/template.php b/intelmq-manager/template.php index d452bfa..ae40a54 100644 --- a/intelmq-manager/template.php +++ b/intelmq-manager/template.php @@ -97,13 +97,13 @@ CONTROLLER_CMD=\"$CONTROLLER_CMD\";"; if($ALLOWED_PATH): echo ""; endif; foreach ($libraries as $lib): echo ""; - endforeach; - echo ""; + endforeach; ?> From 08ebd0d3f3c410990ce026aeb816f87f4e260d6d Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 28 Apr 2020 10:15:07 +0200 Subject: [PATCH 09/20] DOC: minor improvements on security docs link in SECURITY.md to INSTALL.md make note on internal browser bold --- SECURITY.md | 2 +- docs/INSTALL.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c294edb..6e7f7b8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ IntelMQ Manager Security Notes Running IntelMQ Manager securely -------------------------------- -Please read the installation documentation at `docs/INSTALL.md`, section "Security considerations". +Please read the installation documentation at [`docs/INSTALL.md`, section "Security considerations"](docs/INSTALL.md#security-considerations). Found a security issue? ----------------------- diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 85849d0..28f7137 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -143,7 +143,7 @@ The way the current version is written, anyone can send a POST request and chang Therefore you will need authentication and SSL. -Use IntelMQ Manager only from a browser that can only access internal, trusted sites. (Because CSRF development is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). +Use IntelMQ Manager **only from a browser that can only access internal, trusted sites** (Because CSRF development is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). In addition, intelmq currently stores plaintext passwords in its configuration files. These can be read via intelmq-manager. From 27ae0d74da8038f709659790148b130ecae2e932 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 28 Apr 2020 10:15:07 +0200 Subject: [PATCH 10/20] DOC: minor improvements on security docs link in SECURITY.md to INSTALL.md make note on internal browser bold --- SECURITY.md | 2 +- docs/INSTALL.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c294edb..6e7f7b8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ IntelMQ Manager Security Notes Running IntelMQ Manager securely -------------------------------- -Please read the installation documentation at `docs/INSTALL.md`, section "Security considerations". +Please read the installation documentation at [`docs/INSTALL.md`, section "Security considerations"](docs/INSTALL.md#security-considerations). Found a security issue? ----------------------- diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 85849d0..28f7137 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -143,7 +143,7 @@ The way the current version is written, anyone can send a POST request and chang Therefore you will need authentication and SSL. -Use IntelMQ Manager only from a browser that can only access internal, trusted sites. (Because CSRF development is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). +Use IntelMQ Manager **only from a browser that can only access internal, trusted sites** (Because CSRF development is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). In addition, intelmq currently stores plaintext passwords in its configuration files. These can be read via intelmq-manager. From 943c2a8d176d5dc38767471b813262bba242c2d1 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 28 Apr 2020 14:30:28 +0200 Subject: [PATCH 11/20] DOC: isntall / security: rephrase CSRF notice idea by @bernhard-herzog in https://github.com/certtools/intelmq-manager/commit/ec6567e9ddac839fb0b286e3c7e9c017fd63f1b3#commitcomment-38792161 --- docs/INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 28f7137..68f7091 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -143,7 +143,7 @@ The way the current version is written, anyone can send a POST request and chang Therefore you will need authentication and SSL. -Use IntelMQ Manager **only from a browser that can only access internal, trusted sites** (Because CSRF development is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). +Use IntelMQ Manager **only from a browser that can only access internal, trusted sites** (Due to CSRF, development of a fix is under way, see [#111](https://github.com/certtools/intelmq-manager/issues/111)). In addition, intelmq currently stores plaintext passwords in its configuration files. These can be read via intelmq-manager. From c89424b5cd5efeaceb6aa6a7e97addf3e42c51e8 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 28 Apr 2020 15:05:37 +0200 Subject: [PATCH 12/20] MAINT: start development of 2.1.2 --- CHANGELOG.md | 26 ++++++++++++++++++++++++++ NEWS.md | 4 ++++ debian/patches/fix-paths.patch | 2 +- docs/Release.md | 2 +- intelmq-manager/php/config.php | 2 +- 5 files changed, 33 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3366a0e..d524054 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,32 @@ CHANGELOG ========= +2.1.2 (unreleased) +------------------ + +### Backend + +### Pages + +#### Landing page + +#### Configuration + +#### Management + +#### Monitor + +#### Check + +### Documentation + +### Third-party libraries + +### Packaging + +### Known issues + + 2.1.1 (2020-04-27) ------------------ Bernhard Herzog (Intevation) discovered that the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. diff --git a/NEWS.md b/NEWS.md index 6cc0b25..90d0f73 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,10 @@ NEWS See the changelog for a full list of changes. +2.1.2 (unreleased) +------------------ + + 2.1.1 (2020-04-27) ------------------ diff --git a/debian/patches/fix-paths.patch b/debian/patches/fix-paths.patch index 5e62cf1..f96d7f3 100644 --- a/debian/patches/fix-paths.patch +++ b/debian/patches/fix-paths.patch @@ -34,7 +34,7 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ // to be displayed so that user can replicate @@ -26,6 +26,6 @@ $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.1.1"; + $VERSION = "2.1.2a1"; - $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. + $ALLOWED_PATH = "/var/lib/intelmq/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. diff --git a/docs/Release.md b/docs/Release.md index 1a36db4..5fa8fbb 100644 --- a/docs/Release.md +++ b/docs/Release.md @@ -39,7 +39,7 @@ For bigger releases, probably also at IHAP, Twitter, etc. Ask your favorite soci ## Prepare new version -Increase the version in `intelmq-manager/php/config.php` and declare it as alpha version. +`intelmq-manager/php/config.php` and `debian/patches/fix-paths.patch`: Update the version. Add a new empty changelog section: diff --git a/intelmq-manager/php/config.php b/intelmq-manager/php/config.php index d6dcb4d..70bcc60 100644 --- a/intelmq-manager/php/config.php +++ b/intelmq-manager/php/config.php @@ -24,7 +24,7 @@ $BOT_CONFIGS_REJECT_REGEX = '/[^[:print:]\n\r\t]/'; $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.1.1"; + $VERSION = "2.1.2a1"; $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. $FILESIZE_THRESHOLD = 2000; // config files under this size gets loaded automatically; otherwise a link is generated From ab7ba1f8d8553d9019a764902b6de59d2bd952fc Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 28 Apr 2020 15:20:29 +0200 Subject: [PATCH 13/20] PKG: Update path patch --- debian/patches/fix-paths.patch | 38 ++++++++++++++-------------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/debian/patches/fix-paths.patch b/debian/patches/fix-paths.patch index c2bcba4..2c93e59 100644 --- a/debian/patches/fix-paths.patch +++ b/debian/patches/fix-paths.patch @@ -1,19 +1,25 @@ Description: Fix paths for LSB Author: Sebastian Wagner -Last-Update: 2020-04-27 +Last-Update: 2020-04-28 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/intelmq-manager/php/config.php 2020-04-27 17:37:51.310011401 +0200 -+++ b/intelmq-manager/php/config.php 2020-04-27 21:28:30.432810932 +0200 -@@ -1,18 +1,18 @@ - '/etc/intelmq/system.conf', + 'positions' => '/etc/intelmq/manager/positions.conf', ); - $backwardscompat = getenv("INTELMQ_MANGER_CONTROLLER_CMD"); - $controller = getenv("INTELMQ_MANAGER_CONTROLLER_CMD"); - if(!($c = $controller ? $controller : $backwardscompat)) { -- $c = "sudo -u intelmq /usr/local/bin/intelmqctl"; -+ $c = "sudo -u intelmq /usr/bin/intelmqctl"; - } - - // to be displayed so that user can replicate -@@ -26,6 +26,6 @@ - $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.2.0a1"; - -- $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. -+ $ALLOWED_PATH = "/var/lib/intelmq/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. - $FILESIZE_THRESHOLD = 2000; // config files under this size gets loaded automatically; otherwise a link is generated - ?> + # get paths from intelmqctl directly if it works + $proc = proc_open($c . "--type json debug --get-paths", [ From 3f30257dcc9f625e3450a27e2249c99afeb20598 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:22:07 +0200 Subject: [PATCH 14/20] PKG: update positions config --- CHANGELOG.md | 1 + debian/positions.conf | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49cd81b..cb74b2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -55,6 +55,7 @@ This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Third-party libraries ### Packaging +- Update default `positions.conf` to the default runtime/pipeline configuration of intelmq >= 2.1.1. ### Known issues diff --git a/debian/positions.conf b/debian/positions.conf index 4264ce3..2609951 100644 --- a/debian/positions.conf +++ b/debian/positions.conf @@ -1,9 +1,9 @@ { - "abusech-domain-parser": { + "feodo-tracker-browse-parser": { "x": -304, "y": 250 }, - "abusech-feodo-domains-collector": { + "feodo-tracker-browse-collector": { "x": -508, "y": 282 }, @@ -58,5 +58,9 @@ "url2fqdn-expert": { "x": 275, "y": -116 + }, + "settings": { + "physics": false, + "live": true } -} \ No newline at end of file +} From e706cad5ccf0e11f30493d9147b4a58c41ef8498 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:24:05 +0200 Subject: [PATCH 15/20] DOC: Update release documentation --- CHANGELOG.md | 1 + docs/Release.md | 28 ++++++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb74b2f..859d8cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ This IntelMQ Manager version requires IntelMQ >= 2.2.0. - Show output of `intelmqctl debug`. ### Documentation +- Update release from intelmq's release documentation. ### Third-party libraries diff --git a/docs/Release.md b/docs/Release.md index 5fa8fbb..f2b10ec 100644 --- a/docs/Release.md +++ b/docs/Release.md @@ -1,9 +1,22 @@ # Release procedure -Make sure the current state is really final ;) -You can test most of the steps described here locally before doing it real. +**Table of Contents:** +- [Documentation](#documentation) +- [Commit, push, review and merge](#commit-push-review-and-merge) +- [Tag and release](#tag-and-release) +- [Packages](#packages) +- [Announcements](#announcements) +- [Prepare new version](#prepare-new-version) -Assumption: You are working on branch maintenance, the next version is a bug fix release. For feature releaese it is slightly different. + +General assumption: You are working on branch maintenance, the next version is a bug fix release. For feature releases it is slightly different. + +## Check before + + * Make sure the current state is really final ;) + You can test most of the steps described here locally before doing it real. + * Close the milestone on GitHub and move any open issues to the next one. + * `docs/INSTALL.md`: Update supported operating systems. ## Documentation @@ -12,14 +25,17 @@ Assumption: You are working on branch maintenance, the next version is a bug fix * `intelmq-manager/php/config.php` and `debian/patches/fix-paths.patch`: Update the version. * `debian/changelog`: Insert a new section for the new version with the tool `dch`. -## Commit -Commit your changes, the message should start with `REL: `. Push and create a pull request from maintenance to master. Someone else should review the changes. Eventually fix them, make sure the `REL: ` is the last commit, you can also push that one at last, after the reviews. +## Commit, push, review and merge + +Commit your changes in a separate branch, the final commit's message should start with `REL: `. Push and create a pull request to maintenance and after that from maintenance to master. Someone else should review the changes. Eventually fix them, make sure the `REL: ` is the last commit, you can also push that one at last, after the reviews. + +Why a separate branch? Because if problems show up, you can still force-push to that one, keeping the release commit the latest one. ## Tag and release Tag the commit with `git tag -s version HEAD`, merge it into master, push the both branches *and* the tag. The tag is just `a.b.c`, not prefixed with `v` (that was necessary only with SVN a long time ago...). -Go to https://github.com/certtools/intelmq-manager/tags and enter the release notes (changelog) for the new tag, then it's considered a release by github. +Go to https://github.com/certtools/intelmq-manager/tags and enter the release notes (changelog) for the new tag, then it's considered a *release* by github. ## Packages We are currently using the public Open Build Service instance of openSUSE: http://build.opensuse.org/project/show/home:sebix:intelmq From d4b36c6caeff200f1db62f2fc311b8f7718eb901 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:25:29 +0200 Subject: [PATCH 16/20] DOC: Update installation documentation --- CHANGELOG.md | 1 + docs/INSTALL.md | 63 ++++++++++++++++++++----------------------------- 2 files changed, 26 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 859d8cc..6fe4c19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Documentation - Update release from intelmq's release documentation. +- Update Installation documentation: Fix & update dependencies and supported operating systems. ### Third-party libraries diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 68f7091..ef58d58 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -29,82 +29,67 @@ The following instructions assume the following requirements: * a supported operating system Supported and recommended operating systems are: -* Debian 8, 9, 10 -* OpenSUSE Leap 42.2, 15 -* Ubuntu: 14.04, 16.04, 18.04 LTS +* Debian 9, 10 +* Fedora 30, 31, 32 +* OpenSUSE Leap 15.1, 15.2 +* Ubuntu: 16.04, 18.04, 20.04 Partly supported are: -* RHEL 7 * CentOS 7 +* RHEL 7 See [Notes on CentOS / RHEL](#notes-on-centos--rhel) # Install Dependencies If you are using native packages, you can simply skip this section as all dependencies are installed automatically. -## Ubuntu 14.04 / Debian 8 - -```bash -apt-get install git apache2 php5 libapache2-mod-php5 -``` - -## Ubuntu 16.04 / Debian 9 - -```bash -apt-get install git apache2 php libapache2-mod-php7.0 -``` -## Ubuntu 18.04 +## Debian / Ubuntu ```bash -apt-get install git apache2 php libapache2-mod-php7.2 +apt-get install git libapache2-mod-php php-json ``` -## Debian 10 +## CentOS / RHEL ```bash -apt install libapache2-mod-php7.3 +yum install epel-release +yum install git httpd httpd-tools php ``` -## CentOS 7 +## Fedora ```bash -yum install epel-release -yum install git httpd httpd-tools php -``` +dnf install git httpd php php-common php-json -## openSUSE Leap 15.1 +## openSUSE ```bash -zypper install git apache2 apache2-utils apache2-mod_php7 +zypper install git apache2 apache2-utils apache2-mod_php php-json ``` # Installation ## Native packages -Get the install instructions for your operating system here: -https://software.opensuse.org/download.html?project=home%3Asebix%3Aintelmq&package=intelmq-manager +This is only recommended if you also installed intelmq itself with packages. +As you already have the repository configured, you can install the package called `intelmq-manager` using your operating system's package manager. +Complete install instructions for your operating system can be found here: +https://software.opensuse.org/download.html?project=home:sebix:intelmq&package=intelmq-manager Currently, these operating systems are supported by the packages: * CentOS 7, install `epel-release` first * RHEL 7, install `epel-release` first -* Debian 8 and Debian 9 (install `php-json` too) -* Fedora 25, 26 and Rawhide -* openSUSE Leap 42.2 and Leap 42.3 +* Debian 9, 10 +* Fedora 30, 31, 32 +* openSUSE Leap 15.1, 15.2 * openSUSE Tumbleweed -* Ubuntu 16.04 and Ubuntu 17.04, install `php-json` too +* Ubuntu 16.04, 18.04, 19.10, 20.04 -The package is always called `intelmq-manager`. - -For Debian and Ubuntu you need to make the configuration files writable by the group: -```bash -chmod 664 /etc/intelmq/*.conf /etc/intelmq/manager/positions.conf -``` ## Manually -Clone the repository and copy the files in the subfolder `intelmq-manager` to the webserver directory (can also be `/srv/www/htdocs/` depending on the used system): +Clone the repository using git and copy the files in the subfolder `intelmq-manager` to the webserver directory (can also be `/srv/www/htdocs/` depending on the used system): ```bash git clone https://github.com/certtools/intelmq-manager.git /tmp/intelmq-manager cp -R /tmp/intelmq-manager/intelmq-manager/* /var/www/html/ @@ -135,6 +120,8 @@ Also, stopping bots does currently not work, see also https://github.com/certtoo If you can help to fix these issues, please join us! +For RHEL, the packages of CentOS may work better than those for RHEL as there are issues building the packages for RHEL. Help on RHEL is appreciated. + # Security considerations **Never ever run intelmq-manager on a public webserver without SSL and proper authentication**. From a8e58772a1f74a53eede012cf5a7f801e9e9b535 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:25:58 +0200 Subject: [PATCH 17/20] DOC: remove unreleased 2.1.2 version from changelog --- CHANGELOG.md | 45 +++++---------------------------------------- NEWS.md | 6 ++---- 2 files changed, 7 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fe4c19..77852d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,18 +9,6 @@ This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Backend - `config`: Get file paths from `intelmctl debug --get-paths` if possible and fall back to hard-coded paths otherwise. Thereby environment variables influencing the paths are respected (#193). -### Pages - -#### Landing page - -#### Configuration - -#### Management - -#### Monitor - -#### Check - #### About - Show output of `intelmqctl debug`. @@ -28,38 +16,15 @@ This IntelMQ Manager version requires IntelMQ >= 2.2.0. - Update release from intelmq's release documentation. - Update Installation documentation: Fix & update dependencies and supported operating systems. -### Third-party libraries - -### Packaging - -### Known issues - - -2.1.2 (unreleased) ------------------- - -### Backend - -### Pages - -#### Landing page - -#### Configuration - -#### Management - -#### Monitor - -#### Check - -### Documentation - -### Third-party libraries - ### Packaging - Update default `positions.conf` to the default runtime/pipeline configuration of intelmq >= 2.1.1. ### Known issues +* Missing CSRF protection (#111). +* Graph jumps around on "Add edge" (#148). +* wrong error message for new bots with existing ID (#152). +* `ALLOWED_PATH=` violates CSP (#183). +* Monitor page: Automatic log refresh reset log page to first one (#190). 2.1.1 (2020-04-27) diff --git a/NEWS.md b/NEWS.md index 49b5a2c..5c8f89c 100644 --- a/NEWS.md +++ b/NEWS.md @@ -2,6 +2,8 @@ NEWS ==== See the changelog for a full list of changes. + + 2.2.0 (unreleased) ------------------ This IntelMQ Manager version requires IntelMQ >= 2.2.0. @@ -11,10 +13,6 @@ The paths for configuration files is not queried from the IntelMQ Core. The environment variables `INTELMQ_ROOT_DIR` and `INTELMQ_PATHS_NO_OPT`/`INTELMQ_PATHS_OPT` are now respected. -2.1.2 (unreleased) ------------------- - - 2.1.1 (2020-04-27) ------------------ From bde0c51e1bd33698a05d57672aefbe08abb254e2 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:54:29 +0200 Subject: [PATCH 18/20] PKG: fix path patch file name --- debian/patches/fix-paths.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/patches/fix-paths.patch b/debian/patches/fix-paths.patch index 2c93e59..d38c850 100644 --- a/debian/patches/fix-paths.patch +++ b/debian/patches/fix-paths.patch @@ -3,8 +3,8 @@ Author: Sebastian Wagner Last-Update: 2020-04-28 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- intelmq-manager/php/config.php 2020-04-28 15:17:27.858979961 +0200 -+++ intelmq-manager/php/config1.php 2020-04-28 15:18:38.985712752 +0200 +--- a/intelmq-manager/php/config.php 2020-04-28 15:17:27.858979961 +0200 ++++ b/intelmq-manager/php/config.php 2020-04-28 15:18:38.985712752 +0200 @@ -2,7 +2,7 @@ $backwardscompat = getenv("INTELMQ_MANGER_CONTROLLER_CMD"); $controller = getenv("INTELMQ_MANAGER_CONTROLLER_CMD"); From e99322cf0a2698c83c8bd5b065799ad3039722bf Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 14:29:48 +0200 Subject: [PATCH 19/20] PKG: require correct intelmq version in debian pkg --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index ebd2400..471b0f3 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Package: intelmq-manager Architecture: all Depends: ${misc:Depends}, apache2, apache2-utils, libapache2-mod-php | libapache2-mod-php5, sudo, - adduser, intelmq (>= 1.0.1) + adduser, intelmq (>= 2.2.0) Description: Graphical interface to manage configurations for the IntelMQ framework. A IntelMQ configuration is a set of config files which describe which bots and processing steps should be run in which order. It is similar From 776d091000d1a3b80b179b4d8f0e13cf2bdbe280 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Tue, 23 Jun 2020 10:47:10 +0200 Subject: [PATCH 20/20] REL: Release version 2.2.0 --- CHANGELOG.md | 3 ++- NEWS.md | 6 +++--- debian/changelog | 6 ++++++ debian/patches/fix-paths.patch | 2 +- intelmq-manager/php/config.php | 2 +- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77852d3..b64dcd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,14 @@ CHANGELOG ========= -2.2.0 (unreleased) +2.2.0 (2020-06-23) ------------------ This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Backend - `config`: Get file paths from `intelmctl debug --get-paths` if possible and fall back to hard-coded paths otherwise. Thereby environment variables influencing the paths are respected (#193). +### Pages #### About - Show output of `intelmqctl debug`. diff --git a/NEWS.md b/NEWS.md index 5c8f89c..c2c95a3 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,13 +4,13 @@ NEWS See the changelog for a full list of changes. -2.2.0 (unreleased) +2.2.0 (2020-06-23) ------------------ This IntelMQ Manager version requires IntelMQ >= 2.2.0. ### Paths -The paths for configuration files is not queried from the IntelMQ Core. -The environment variables `INTELMQ_ROOT_DIR` and `INTELMQ_PATHS_NO_OPT`/`INTELMQ_PATHS_OPT` are now respected. +The paths for configuration files are queried from the IntelMQ Core. +Thus, the environment variables `INTELMQ_ROOT_DIR` and `INTELMQ_PATHS_NO_OPT`/`INTELMQ_PATHS_OPT` are now respected. 2.1.1 (2020-04-27) diff --git a/debian/changelog b/debian/changelog index 68f758e..32b27a7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +intelmq-manager (2.2.0-1) stable; urgency=medium + + * Update to 2.2.0. + + -- Sebastian Wagner Tue, 23 Jun 2020 10:46:42 +0200 + intelmq-manager (2.2.0~alpha1-1) unstable; urgency=medium * Update to 2.2.0 alpha 1. diff --git a/debian/patches/fix-paths.patch b/debian/patches/fix-paths.patch index d38c850..6f91a32 100644 --- a/debian/patches/fix-paths.patch +++ b/debian/patches/fix-paths.patch @@ -16,7 +16,7 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ // to be displayed so that user can replicate @@ -16,17 +16,17 @@ $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.2.0a1"; + $VERSION = "2.2.0"; - $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. + $ALLOWED_PATH = "/var/lib/intelmq/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. diff --git a/intelmq-manager/php/config.php b/intelmq-manager/php/config.php index deaf104..b8bed3b 100644 --- a/intelmq-manager/php/config.php +++ b/intelmq-manager/php/config.php @@ -14,7 +14,7 @@ $BOT_CONFIGS_REJECT_REGEX = '/[^[:print:]\n\r\t]/'; $BOT_ID_REJECT_REGEX = '/[^A-Za-z0-9.-]/'; - $VERSION = "2.2.0a1"; + $VERSION = "2.2.0"; $ALLOWED_PATH = "/opt/intelmq/var/lib/bots/"; // PHP is allowed to fetch the config files from the current location in order to display bot configurations. $FILESIZE_THRESHOLD = 2000; // config files under this size gets loaded automatically; otherwise a link is generated