From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: Betatest Guardian 2.0
Date: Wed, 20 Jul 2016 15:33:48 +0200
Message-ID: <1469021628.22228.8.camel@ipfire.org>
In-Reply-To: <1468850466.4663.63.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0364334397618170556=="

--===============0364334397618170556==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hello testers,

I've uploaded a new test version (003). Update or fresh install works
as described in the announcement mail.

The Changelog can be found here:
http://people.ipfire.org/~stevee/guardian-2.0/Changelog.txt

At the moment I'm missing feedback for the following functions:

* Manually blocking / unblocking addresses.
* Dealing with the ignore list.
* Owncloud message parser.
* Logrotate, there should be a corresponding log entry in the guardian
  logfile after rotation of the logfiles has been done.
* Reload of the ignore list after "Red" has been reconnected. There,
  too, a corresponding log entry should be logged to the logfile, and
  the new "Red-address" should also be logged as part of the ignore
  list (if you own a dynamically assigned one).

As always please report your bugs or experience with the new version to
this list.

Best regards,

-Stefan

> Hello mailing list followers,
>
> this is the official release announcement for the first beta release
> of the new Guardian 2.0 approach.
>
>
> - What are the differences to the current version of guardian
> (legacy) and the first approach of guardian 2.0?
>
> The most important difference is that the new version of Guardian 2.0
> has been completely re-written from scratch and released under the
> terms of the GPLv3. The legacy version of guardian is not maintained
> anymore by its developer and the software has been released without
> any license details at all.
>
> Guardian 2.0 has a very modular code base and has been designed as a
> multi-threaded application. This allows a parallel parsing of all
> monitored logfiles and faster actions, if one of the used modules
> detects an attack.
>
> A very important difference to the legacy version is the support of
> configuring and managing the entire service through the IPFire
> webinterface. The entire configuration, managing of currently blocked
> hosts, unblocking them or editing the ignored hosts list now can be
> done in a graphical way.
>
> The legacy version of guardian only supported parsing snort alerts.
> HTTPD and SSH support has been patched by the IPFire development team
> some time ago. Guardian 2.0 supports all of them out of the box and
> includes a filter to detect owncloud login brute-force attempts. As a
> benefit of the new modular design, additional filters can easily be
> added.
>
> Guardian 2.0 is able to reload its configuration, reload the ignore
> list during runtime and handle the logfiles getting rotated by
> logrotate. These actions can be called by using the webinterface or
> from the command line interface by using "guardianctrl".
>
> These are just a handful of the changes and benefits which come with
> Guardian 2.0, a complete list would be too long for this mailing list.
>
>
> - How to join testing?
>
> To become part of the testing team, simply navigate to
> http://people.ipfire.org/~stevee/guardian-2.0/ and download the
> latest tarball (currently 002). Please take care to download the
> correct one, based on your used architecture. The i585 packages are
> for 32Bit installations of IPFire, the x86_64 packages only can be
> used on 64Bit installations.
>
> Put the downloaded file on your IPFire test system and extract the
> package by using "tar -xvf guardian-2.0-002..tar.gz -C /".
>
> The final installation step would be to regenerate the language cache
> by executing "update-lang-cache" on the console.
>
> From now you can find a new menu item called "Guardian" in your
> "Service" menu after you have logged in to your IPFire's
> webinterface.
>
> Documentation can be found on the IPFire wiki:
> http://wiki.ipfire.org/en/addons/guardian/start#the_guardian_20_addon
>
>
> - Where to post bug reports or provide feedback?
>
> If you find any bugs, please report them as usual on the IPFire
> bugtracker, which can be found at https://bugzilla.ipfire.org.
>
> To provide feedback or to join a discussion, please send your mails
> to "development(a)lists.ipfire.org" (Please register first at
> http://lists.ipfire.org if not yet done).
>
> The source code can be found at
> http://git.ipfire.org/?p=people/stevee/guardian.git;a=summary
>
>
> Happy testing,
>
> -Stefan
>

--===============0364334397618170556==--