A lot of infosec sites, CERT advisories, and similar channels are currently reporting about a simple-to-exploit, zero-day RCE (things don’t get much worse, do they?) in Apache Log4j, being tracked as CVE-2021-44228.
Before anybody asks: IPFire 2.x is not affected by this vulnerability, and neither is the project’s infrastructure.
I just thought it would make sense to post this here proactively, so infosec/security/anti-abuse people do not have to have nightmares/headaches (depending on your timezone and sleeping pattern) about their IPFire machines being compromised as well.
To those interested, further information on this vulnerability is, for example, available here:
EDIT: Since a lot of questions regarding this vulnerability still arrive at the developers, we just published this blog post to improve spreading the news.
By default, the IPS rulesets are updated daily, so these should be present on IPFire installations having the “Emerging Threats Community ruleset” enabled.
Strange. I am also using Core Update 161.
Just to confirm you do have the frequency set to daily.
My only suggestion is to change the ruleset to the Snort/VRT Community rules and press save. You will get a completely different ruleset installed. Select the rules in the bottom section and Apply them and then save in the top IPS section and it should go to green and start. The ruleset time stamp should be very new.
Mine was
Ruleset (2021-12-14 21:23:15)
Be aware that when you do this, your settings chosen in the Emerging Threats Community ruleset will be lost, so take a note of which rules you had selected.
Then reselect the Emerging Threats Community ruleset and press save. Then select the required rules in the lower section and press Apply.
The timestamp for this ruleset on my system was then
Ruleset (2021-12-14 21:26:12)
that this works for you. If not then I have no further idea what the problem could be.
This is what I did in the past. And it worked as expected and the ruleset was updated to something current.
But, I didn’t want to do this again and have to re-set all of the rules. Especially the sub-rules.
So this will help me for today, but what about next time?
–
I was trying to find the code for the ruleset update. I thought I would stumble across it in fcrontab, or an fcron.daily, fcron.weekly, and I could not locate it. (and maybe that is the problem?!?)
Hi, I had one system that would not update the rules. I found that by setting the AutomaticRuleUpdate to Disabled and pressing Save it brought up a manual UpdateRuleset button!
Pressed that button and Save and voila, the rules were updated. Then set the AutomaticRuleUpdate back to Daily and Saved.