From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: Betatest Guardian 2.0
Date: Wed, 20 Jul 2016 15:37:45 +0200
Message-ID: <1469021865.22228.12.camel@ipfire.org>
In-Reply-To: <1468922473.13947.13.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3805721552028070750=="
List-Id:

--===============3805721552028070750==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

> Hello Daniel,
>
> thanks for testing and your feedback.
> >
> > Hi
> > At first everything seems to work as designed.
> >
> > First thing I found...
> > If I add an IP to the ignorelist it also works as designed. But if I
> > remove it the Webif didn't show it any more but the IP seems to be
> > still ignored until I restart the Guardian.
> >
> Seems to be a bug, I'll have a look at the code.

Should be fixed in the latest version 003.

> >
> > Next thing.
> > The owncloud parser doesn't work. Please tell me what you need.
> Nothing at all, I will have to do a deeper look into the non-working
> code. I'll post the updated parser to the mailinglist so the new one
> can be tested.
>

Please install the latest test version 003. This release should contain
a fixed parser for owncloud. (untested because I don't use owncloud)

> >
> > I wish for a restart button on the webif.
> Why do you think you need such a button? Guardian is designed to reload
> and communicate with the WUI over a Socket connection. So there should
> not be any need to do a restart of guardian, except an update of the
> daemon has been installed.
> >
> > -
> > Daniel
> Best regards,
>
> -Stefan
> >
> > On 18.07.2016 at 16:01, Stefan Schantl wrote:
> > >
> > > Hello mailing list followers,
> > >
> > > this is the official release announcement for the first beta
> > > release of the new Guardian 2.0 approach.
> > >
> > >
> > > - What are the differences to the current version of guardian
> > > (legacy) and the first approach of guardian 2.0?
> > >
> > > The most important difference is, that the new version of Guardian
> > > 2.0 completely has been re-written from scratch and released under
> > > the terms of the GPLv3. The legacy version of guardian is not
> > > maintained anymore by its developer and the software has been
> > > released without any license details at all.
> > >
> > > Guardian 2.0 has a very modular code base and has been designed as
> > > a multi-threaded application. This allows a parallel parsing of all
> > > monitored logfiles and faster actions, if one of the used modules
> > > detects an attack.
> > >
> > > A very important difference to the legacy version is the support of
> > > configuring and managing the entire service through the IPFire
> > > webinterface. The entire configuration, managing of current blocked
> > > hosts, unblocking them or editing the ignored hosts list now can be
> > > done in a graphical way.
> > >
> > > The legacy version of guardian only supported parsing snort alerts.
> > > HTTPD and SSH support has been patched by the IPFire development
> > > team some time ago. Guardian 2.0 supports all of them out of the
> > > box and includes a filter to detect owncloud login brute-force
> > > attempts. As a benefit of the new modular design, additional
> > > filters easily can be added.
> > >
> > > Guardian 2.0 is able to reload its configuration, reloading the
> > > ignore list during runtime and handle, if the logfiles will get
> > > rotated by logrotate. These actions can be called by using the
> > > webinterface or from the command line interface by using
> > > "guardianctrl".
> > >
> > > These are just a handful of the changes and benefits which come
> > > with Guardian 2.0, a complete list would be too long for this
> > > mailing list.
> > >
> > >
> > > - How to join testing?
> > >
> > > To get part of the testing team, simply navigate to
> > > http://people.ipfire.org/~stevee/guardian-2.0/ and download the
> > > latest tarball (currently 002). Please take care to download the
> > > correct one, based on your used architecture. The i585 packages are
> > > for 32Bit installations of IPFire, the x86_64 packages only can be
> > > used on 64Bit installations.
> > >
> > > Put the downloaded file on your IPFire test system and extract the
> > > package by using "tar -xvf guardian-2.0-002..tar.gz -C /".
> > >
> > > The final installation step would be to regenerate the language
> > > cache by executing "update-lang-cache" on the console.
> > >
> > > From now you can find a new menu item called "Guardian" in your
> > > "Service" menu after you have logged-in into your IPFire's
> > > webinterface.
> > >
> > > Documentation can be found on the IPFire wiki:
> > > http://wiki.ipfire.org/en/addons/guardian/start#the_guardian_20_addon
> > >
> > >
> > > - Where to post bug reports or provide feedback?
> > >
> > > If you find any bugs, please report them as usual on the IPFire
> > > bugtracker, which can be found at https://bugzilla.ipfire.org.
> > >
> > > To provide feedback or to join a discussion, please send your mails
> > > to "development(a)lists.ipfire.org" (Please register first at
> > > http://lists.ipfire.org if not yet done).
> > >
> > > The source code can be found at
> > > http://git.ipfire.org/?p=people/stevee/guardian.git;a=summary
> > >
> > >
> > > Happy testing,
> > >
> > > -Stefan

--===============3805721552028070750==--