From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: Re: Betatest Guardian 2.0 Date: Thu, 21 Jul 2016 13:25:20 +0200 Message-ID: <8987e03f-e8e3-c8cc-dc09-96a0937a0f2e@ipfire.org> In-Reply-To: <1469021628.22228.8.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6430608957321187281==" List-Id: --===============6430608957321187281== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, I mentioned this earlier, but it seems that 'guardian' has some kind of memory leak? It started about two days ago with ~14 MB RAM. Then it jumped to ~34 MB, then to ~48 MB - today it suddenly uses 71 MB. And if I start it on my testmachine (offline!) it uses ~90 MB. Can someone confirm? Besides this, its working without seen problems. Best, Matthias On 20.07.2016 15:33, Stefan Schantl wrote: > Hello testers, > > I've uploaded a new test version (003). > > Update or fresh install works like described in the announcement mail. > > The Changelog can be found here: > > http://people.ipfire.org/~stevee/guardian-2.0/Changelog.txt > > At the moment I'm missing feedback for the following functions: > > * Manually blocking / unblocking addresses. > * Dealing with the ignore list. > * Owncloud message parser. > * Logrotate, there should be an corresponding log entry in the guardian > logfile after rotation of the logfiles have been done. > * Reload of the ignore list after "Red" has been reconnected. There > also a corresponding log entry should be logged to the logfile and the > new "Red-address" should also be logged as part of the ignore list (If > you own an dynamic assigned one). > > As always please report your bugs or experience with the new version to > this list. > > Best regards, > > -Stefan > >> Hello mailing list followers, >> >> this is the official release announcement for the first beta release >> of >> the new Guardian 2.0 approach. >> >> >> - What are the differences to the current version of guardian >> (legacy) >> and the first approach of guardian 2.0? >> >> The most important difference is, that the new version of Guardian >> 2.0 >> completely has been re-written from scratch and released under the >> terms of the GPLv3. The legacy version of guardian is not maintained >> anymore by it's developer and the software has been released without >> any license details at all. >> >> Guardian 2.0 has a very modular code base and has been designed as a >> multi-threaded application. This allows a parallel parsing of all >> monitored logfiles and faster actions, if one of the used modules >> detects an attack. >> >> A very important difference to the legacy version is the support of >> configuring and managing the entire service through the IPFire >> webinterface. The entire configuration, managing of current blocked >> hosts, unblocking them or editing the ignored hosts list now can be >> done in a graphical way. >> >> The legacy version of guardian only supported parsing snort alerts. >> HTTPD and SSH support has been patched by the IPFire development team >> some time ago. Guardian 2.0 supports all of them out of the box and >> includes a filter to detect owncloud login brute-force attempts. As a >> benefit of the new modular design, additional filters easily can be >> added. >> >> Guardian 2.0 is able to reload it's configuration, reloading >> the ignore list during runtime and handle, if the logfiles will get >> rotated by logrotate. This actions can be called by using the >> webinterface or from the command line interface by using >> "guardianctrl". >> >> These are just a handful of the changes and benefits which comes with >> Guardian 2.0, a complete list would be to long for this mailing list. >> >> >> - How to join testing? >> >> To get part of the testing team, simple navigate to http://people.ipf >> ir >> e.org/~stevee/guardian-2.0/ and download the latest tarball >> (currently >> 002). Please take care to download the correct one, based on your >> used >> architecture. The i585 packages are for 32Bit installations of >> IPFire, >> the x86_64 packages only can be used on 64Bit installations. >> >> Put the downloaded file on your IPFire test system and extract the >> package by using "tar -xvf guardian-2.0-002..tar.gz -C /". >> >> The final installation step would be to regenerate the language cache >> by executing "update-lang-cache" on the console. >> >> From now you can find a new menu item called "Guardian" in your >> "Service" menu after you have logged-in into your IPFire's >> webinterface. >> >> Documentation can be found on the IPFire wiki: http://wiki.ipfire.org >> /e >> n/addons/guardian/start#the_guardian_20_addon >> >> >> - Where to post bugs reports or provide feedback? >> >> If you find any bugs, please report them as usual on the IPFire >> bugtracker, which can be found at https://bugzilla.ipfire.org. >> >> To provide feedback or to join a discussion, please send your mails >> to >> "development(a)lists.ipfire.org" (Please register first at http://lists >> .i >> pfire.org if not yet done). >> >> The source code can be found at http://git.ipfire.org/?p=people/steve >> e/ >> guardian.git;a=summary >> >> >> Happy testing, >> >> -Stefan >> > --===============6430608957321187281==--