Hi, On 21.07.2016 13:28, Michael Tremer wrote: > On Thu, 2016-07-21 at 13:25 +0200, Matthias Fischer wrote: >> Hi, >> >> I mentioned this earlier, but it seems that 'guardian' has some kind of >> memory leak? > > Probably not a leak, but it seems that some used data is not freed. Maybe the > log files that guardian reads? That would be a huge amount of RAM for some (tiny) log-files... >> It started about two days ago with ~14 MB RAM. Then it jumped to ~34 MB, >> then to ~48 MB - today it suddenly uses 71 MB. > > Is this RSS or VIRT? This is Core 103 on real hardware. ;-) Profile: http://fireinfo.ipfire.org/profile/63d7b5d45f8a7816ca68810ed0061d7ff95a9958 Best, Matthias >> And if I start it on my testmachine (offline!) it uses ~90 MB. >> >> Can someone confirm? >> >> Besides this, its working without seen problems. >> >> Best, >> Matthias >> >> On 20.07.2016 15:33, Stefan Schantl wrote: >> > Hello testers, >> > >> > I've uploaded a new test version (003). >> > >> > Update or fresh install works like described in the announcement mail. >> > >> > The Changelog can be found here: >> > >> > http://people.ipfire.org/~stevee/guardian-2.0/Changelog.txt >> > >> > At the moment I'm missing feedback for the following functions: >> > >> > * Manually blocking / unblocking addresses. >> > * Dealing with the ignore list. >> > * Owncloud message parser. >> > * Logrotate, there should be an corresponding log entry in the guardian >> > logfile after rotation of the logfiles have been done. >> > * Reload of the ignore list after "Red" has been reconnected. There >> > also a corresponding log entry should be logged to the logfile and the >> > new "Red-address" should also be logged as part of the ignore list (If >> > you own an dynamic assigned one). >> > >> > As always please report your bugs or experience with the new version to >> > this list. >> > >> > Best regards, >> > >> > -Stefan >> > >> > > Hello mailing list followers, >> > > >> > > this is the official release announcement for the first beta release >> > > of >> > > the new Guardian 2.0 approach. >> > > >> > > >> > > - What are the differences to the current version of guardian >> > > (legacy) >> > > and the first approach of guardian 2.0? >> > > >> > > The most important difference is, that the new version of Guardian >> > > 2.0 >> > > completely has been re-written from scratch and released under the >> > > terms of the GPLv3. The legacy version of guardian is not maintained >> > > anymore by it's developer and the software has been released without >> > > any license details at all. >> > > >> > > Guardian 2.0 has a very modular code base and has been designed as a >> > > multi-threaded application. This allows a parallel parsing of all >> > > monitored logfiles and faster actions, if one of the used modules >> > > detects an attack. >> > > >> > > A very important difference to the legacy version is the support of >> > > configuring and managing the entire service through the IPFire >> > > webinterface. The entire configuration, managing of current blocked >> > > hosts, unblocking them or editing the ignored hosts list now can be >> > > done in a graphical way. >> > > >> > > The legacy version of guardian only supported parsing snort alerts. >> > > HTTPD and SSH support has been patched by the IPFire development team >> > > some time ago. Guardian 2.0 supports all of them out of the box and >> > > includes a filter to detect owncloud login brute-force attempts. As a >> > > benefit of the new modular design, additional filters easily can be >> > > added. >> > > >> > > Guardian 2.0 is able to reload it's configuration, reloading >> > > the ignore list during runtime and handle, if the logfiles will get >> > > rotated by logrotate. This actions can be called by using the >> > > webinterface or from the command line interface by using >> > > "guardianctrl". >> > > >> > > These are just a handful of the changes and benefits which comes with >> > > Guardian 2.0, a complete list would be to long for this mailing list. >> > > >> > > >> > > - How to join testing? >> > > >> > > To get part of the testing team, simple navigate to http://people.ipf >> > > ir >> > > e.org/~stevee/guardian-2.0/ and download the latest tarball >> > > (currently >> > > 002). Please take care to download the correct one, based on your >> > > used >> > > architecture. The i585 packages are for 32Bit installations of >> > > IPFire, >> > > the x86_64 packages only can be used on 64Bit installations. >> > > >> > > Put the downloaded file on your IPFire test system and extract the >> > > package by using "tar -xvf guardian-2.0-002..tar.gz -C /". >> > > >> > > The final installation step would be to regenerate the language cache >> > > by executing "update-lang-cache" on the console. >> > > >> > > From now you can find a new menu item called "Guardian" in your >> > > "Service" menu after you have logged-in into your IPFire's >> > > webinterface. >> > > >> > > Documentation can be found on the IPFire wiki: http://wiki.ipfire.org >> > > /e >> > > n/addons/guardian/start#the_guardian_20_addon >> > > >> > > >> > > - Where to post bugs reports or provide feedback? >> > > >> > > If you find any bugs, please report them as usual on the IPFire >> > > bugtracker, which can be found at https://bugzilla.ipfire.org. >> > > >> > > To provide feedback or to join a discussion, please send your mails >> > > to >> > > "development(a)lists.ipfire.org" (Please register first at http://lists >> > > .i >> > > pfire.org if not yet done). >> > > >> > > The source code can be found at http://git.ipfire.org/?p=people/steve >> > > e/ >> > > guardian.git;a=summary >> > > >> > > >> > > Happy testing, >> > > >> > > -Stefan >> > > >> > >> >