Topics

Heise hat wieder mal nen Artikel über OPNsense veröffentlicht:

https://www.heise.de/newsticker/meldung/OPNsense-Firewall-20-1-mit-VXLAN-IPsec-public-key-und-kompletter-Doku-4654216.html

Habe gerade gesehen, dass ein Bericht über OPNsense geschrieben wurde:
https://www.admin-magazin.de/Das-Heft/2019/01/Freie-Firewall-OPNSense-administrieren
Sind drei Seiten.

Falls sich wer ersparen will, die Hostnamen für Telemetriedaten von Windows 10 heraus zu suchen, kann sich hier den Bericht vom BSI herunterladen:
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Analyse_Telemetriekomponente.pdf?__blob=publicationFile&v=3

Nächste Woche ist in Dornbirn (Bundesland Vorarlberg in Österreich) mein Workshop zu OPNsense. Wer sich noch nicht angemeldet hat, kann ggf. noch:
https://www.linuxday.at/die-opnsense-firewall-distribution

Ort: https://osm.org/go/0C283FHld--?m=

The boot does never complete, instead the firewall log is written to the serial port of my APU1 board and control c allows to start a shell. The web interface is running fine and the system is already mostly configured.

hi,
does a defined way exist to add build scripts to plugins as well as build dependencies?
for themes: sass -> css via sassc
general build of frontend heavy stuff: via webpack

Since Franco and I merged the branch, Franco created a new release (the release candidate 2) on which you can install a developer preview of the nginx plugin. The plugin should work but be careful with your locations. You must not enable security rules if you don't have rules. I am not sure if the patch for this issue is already out there for the nginx package. Also the error pages are still not perfectly designed. However the plugin itself should work.
Features:Proxy with WAF, TLS offloading and Authentication
Local Webserver (can currently serve static content)Webserver to serve the web interface (not enabled - can be done via command line by modifying some files).

Install:pkg install os-nginx-devel

I work on a nginx plugin and made a developer preview (may still contain bugs):
Source: https://github.com/opnsense/plugins/pull/696

Package: pkg add https://files.fabian-franz.eu/os-nginx-devel-0.2.txz
Please do not use it for production systems because it may contain unknown bugs.

There are several vulnerabilities:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Heise (german) has an article about it: https://www.heise.de/security/meldung/Jetzt-patchen-Angriffe-auf-Viren-Scanner-ClamAV-3951801.html

If anyone wants to test that:

I made a patch to allow the proxy pages to generate a PAC file:
https://github.com/opnsense/core/pull/2018

PAC can be used for advanced proxy configuration and it might be deployed via WPAD.

This page has some content for an attack against mail clients which hides the correct sender of the email:
https://www.mailsploit.com/index

I tried the example and it passed postfix / rspamd. Rspamd seems to detect that something is wrong (increase of score by 1.5 because of the encoding in the sender), but that is enough to block the mails. It would probably help in short term to increase this value but it could block legit mails.

If anyone is testing the mail gateway plugins, the mails will be probably not detected.

There is a collection of new plugins in development.
Michael Contributed a Postfix plugin which act as a mail proxy.
In this mail proxy, rspamd (plugin written by myself) can be integrated. Rspamd can use other plugins like clamav (already available) for anti malware and redis, which may be released soon too.

Kind regards

Fabian

Just if anyone likes to test:

Log in via SSH, and run this in the shell:

Code Select Expand

pkg install os-tor-devel

Docs may be available soon (URL will probably be https://docs.opnsense.org/manual/how-tos/tor.html)

because this is very often requested:
a plugin may become available.

For some early adopters, a mostly working plugin is attached.

Not yet implemented: status indicator (the thing on the top right on the screen)

https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html

Please note that the plugins are not yet available. They might be released with 17.7.2 or 17.7.3.

https://docs.opnsense.org/manual/dynamic_routing.html

Hi all,

Suricata 4.0 is out and I asked Franco to build it for 17.7. It will not be included in the stable version but it can be installed via the shell by running the following command:

Code Select Expand

pkg install https://pkg.opnsense.org/snapshots/suricata-4.0.0.txz

In a short test it still works without changing the GUI. Note: If you are having Suricata running, you will have to to restart it after installation. You can do that in the GUI.

Just if anyone is questioning this:

OPNsense is not affected as CVE-2017-8301 affects 2.5.1 to 2.5.3 and OPNsense uses a 2.4.x version of LibreSSL.

http://seclists.org/oss-sec/2017/q2/145

Please be careful with your other servers out there.

Kind regards

Fabian

This rules may be included:
https://github.com/countercept/doublepulsar-detection-script/blob/master/doublepulsar_snort_rules.rules

Es können noch Rechtschreibfehler vorhanden sein, und manche Plugins und 17.7 Änderungen noch nicht vorhanden sein.