Re: Feedback regarding version 8 of the "IDS multiple provider" feature

[Stefan Schantl <stefan.schantl@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3581 bytes --]

Hello Peter,

a big thanks for having a look and sharing your issues here.

I've fixed both bugs and uploaded a new test package (009).

https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-009.tar.gz

Please re-test and report any remain or new issues.

A big thanks in advance,

-Stefan

 
> Hello Stefan,
> 
> as discussed on Monday
> (https://wiki.ipfire.org/devel/telco/2022-01-03), I tested version 8
> of the "IDS multiple provider" feature you developed. First of all,
> thank you very much for
> all the efforts you have put into this!
> 
> As you told me on the phone the other day, I downloaded the .tar.gz
> file, and extracted it
> directly into / :
> 
> [root(a)maverick ~]# sha256sum ids-multiple-providers-008.tar.gz 
> 8fc42820a833f4a096c311d3e21a28f4a8dac7d772ca9b72ec0fbbbaad65be82 
> ids-multiple-providers-008.tar.gz
> [root(a)maverick ~]# tar xvzf ids-multiple-providers-008.tar.gz -C /
> usr/share/suricata/rules/app-layer-events.rules
> var/ipfire/langs/
> etc/
> var/ipfire/backup/
> usr/share/suricata/rules/stream-events.rules
> usr/share/suricata/rules/files.rules
> usr/share/suricata/rules/http-events.rules
> usr/share/
> usr/share/suricata/classification.config
> var/ipfire/suricata/oinkmaster.conf
> usr/share/suricata/rules/decoder-events.rules
> srv/
> usr/share/suricata/rules/nfs-events.rules
> usr/
> usr/local/bin/update-ids-ruleset
> etc/suricata/suricata.yaml
> usr/share/suricata/threshold.config
> var/ipfire/langs/de.pl
> var/ipfire/backup/bin/backup.pl
> usr/local/
> usr/share/suricata/rules/smb-events.rules
> var/ipfire/backup/bin/
> usr/share/suricata/rules/dhcp-events.rules
> usr/local/bin/
> usr/share/suricata/rules/modbus-events.rules
> var/ipfire/ids-functions.pl
> usr/share/suricata/rules/ntp-events.rules
> var/ipfire/langs/en.pl
> var/ipfire/suricata/
> usr/share/suricata/rules/dnp3-events.rules
> usr/share/suricata/reference.config
> usr/share/suricata/rules/smtp-events.rules
> usr/share/suricata/rules/
> var/ipfire/backup/include
> srv/web/ipfire/
> usr/share/suricata/rules/kerberos-events.rules
> usr/sbin/convert-ids-multiple-providers
> usr/share/suricata/
> srv/web/
> usr/share/suricata/rules/ipsec-events.rules
> srv/web/ipfire/cgi-bin/ids.cgi
> usr/sbin/convert-snort
> srv/web/ipfire/cgi-bin/
> var/ipfire/
> usr/sbin/
> usr/share/suricata/rules/tls-events.rules
> var/
> etc/suricata/
> usr/share/suricata/rules/dns-events.rules
> var/ipfire/suricata/ruleset-sources
> 
> Afterwards, I updated the language cache and ran the convert script:
> 
> [root(a)maverick ~]# update-lang-cache 
> [root(a)maverick ~]# /usr/sbin/convert-ids-multiple-providers
> The  does not exist. Cannot change the ownership!
> 
> Aside from the message emitted by /usr/sbin/convert-ids-multiple-
> providers (bug #12758 has been filed for
> investigating on this one), I came across a file permission error
> while writing /var/ipfire/suricata/suricata-default-rules.yaml
> (see bug #12759 for details).
> 
> Apart from these, the CGI looks good, is sufficiently translated
> (sometimes, "zurück" is spelled in capital
> letters, sometimes, it is not - but that's merely an aesthetic
> issue), and behaves like expected. So, I'd
> treat it al almost being ready for production. :-)
> 
> Please take a look at bug #12758 and #12759, and reply to me there if
> I shall provide further information.
> 
> Thank you in advance for your efforts.
> 
> Thanks, and best regards,
> Peter Müller