On Thu, 2016-07-21 at 13:25 +0200, Matthias Fischer wrote: > Hi, > > I mentioned this earlier, but it seems that 'guardian' has some kind of > memory leak? Probably not a leak, but it seems that some used data is not freed. Maybe the log files that guardian reads? > It started about two days ago with ~14 MB RAM. Then it jumped to ~34 MB, > then to ~48 MB - today it suddenly uses 71 MB. Is this RSS or VIRT? > And if I start it on my testmachine (offline!) it uses ~90 MB. > > Can someone confirm? > > Besides this, its working without seen problems. > > Best, > Matthias > > On 20.07.2016 15:33, Stefan Schantl wrote: > > Hello testers, > > > > I've uploaded  a new test version (003). > > > > Update or fresh install works like described in the announcement mail. > > > > The Changelog can be found here: > > > > http://people.ipfire.org/~stevee/guardian-2.0/Changelog.txt > > > > At the moment I'm missing feedback for the following functions: > > > > * Manually blocking / unblocking addresses. > > * Dealing with the ignore list. > > * Owncloud message parser. > > * Logrotate, there should be an corresponding log entry in the guardian > > logfile after rotation of the logfiles have been done. > > * Reload of the ignore list after "Red" has been reconnected. There > > also a corresponding log entry should be logged to the logfile and the > > new "Red-address" should also be logged as part of the ignore list (If > > you own an dynamic assigned one). > > > > As always please report your bugs or experience with the new version to > > this list. > > > > Best regards, > > > > -Stefan > > > > > Hello mailing list followers, > > > > > > this is the official release announcement for the first beta release > > > of > > > the new Guardian 2.0 approach. > > > > > > > > > - What are the differences to the current version of guardian > > > (legacy) > > > and the first approach of guardian 2.0? > > > > > > The most important difference is, that the new version of Guardian > > > 2.0 > > > completely has been re-written from scratch and released under the > > > terms of the GPLv3. The legacy version of guardian is not maintained > > > anymore by it's developer and the software has been released without > > > any license details at all. > > > > > > Guardian 2.0 has a very modular code base and has been designed as a > > > multi-threaded application. This allows a parallel parsing of all > > > monitored logfiles and faster actions, if one of the used modules > > > detects an attack. > > > > > > A very important difference to the legacy version is the support of > > > configuring and managing the entire service through the IPFire > > > webinterface. The entire configuration, managing of current blocked > > > hosts, unblocking them or editing the ignored hosts list now can be > > > done in a graphical way.  > > > > > > The legacy version of guardian only supported parsing snort alerts. > > > HTTPD and SSH support has been patched by the IPFire development team > > > some time ago. Guardian 2.0 supports all of them out of the box and > > > includes a filter to detect owncloud login brute-force attempts. As a > > > benefit of the new modular design, additional filters easily can be > > > added. > > > > > > Guardian 2.0 is able to reload it's configuration, reloading > > > the ignore list during runtime and handle, if the logfiles will get > > > rotated by logrotate. This actions can be called by using the > > > webinterface or from the command line interface by using > > > "guardianctrl". > > > > > > These are just a handful of the changes and benefits which comes with > > > Guardian 2.0, a complete list would be to long for this mailing list. > > > > > > > > > - How to join testing? > > > > > > To get part of the testing team, simple navigate to http://people.ipf > > > ir > > > e.org/~stevee/guardian-2.0/ and download the latest tarball > > > (currently > > > 002). Please take care to download the correct one, based on your > > > used > > > architecture. The i585 packages are for 32Bit installations of > > > IPFire, > > > the x86_64 packages only can be used on 64Bit installations. > > > > > > Put the downloaded file on your IPFire test system and extract the > > > package by using "tar -xvf guardian-2.0-002..tar.gz -C /". > > > > > > The final installation step would be to regenerate the language cache > > > by executing "update-lang-cache" on the console. > > > > > > From now you can find a new menu item called "Guardian" in your > > > "Service" menu after you have logged-in into your IPFire's > > > webinterface. > > > > > > Documentation can be found on the IPFire wiki: http://wiki.ipfire.org > > > /e > > > n/addons/guardian/start#the_guardian_20_addon > > > > > > > > > - Where to post bugs reports or provide feedback? > > > > > > If you find any bugs, please report them as usual on the IPFire > > > bugtracker, which can be found at https://bugzilla.ipfire.org. > > > > > > To provide feedback or to join a discussion, please send your mails > > > to > > > "development(a)lists.ipfire.org" (Please register first at http://lists > > > .i > > > pfire.org if not yet done). > > > > > > The source code can be found at http://git.ipfire.org/?p=people/steve > > > e/ > > > guardian.git;a=summary > > > > > > > > > Happy testing, > > > > > > -Stefan > > > > > >