From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: Feedback regarding version 8 of the "IDS multiple provider" feature
Date: Sat, 08 Jan 2022 16:35:33 +0100

Hello Peter,

a big thanks for having a look and sharing your issues here.

I've fixed both bugs and uploaded a new test package (009).

https://people.ipfire.org/~stevee/ids-multiple-providers/ids-multiple-providers-009.tar.gz

Please re-test and report any remaining or new issues.

A big thanks in advance,

-Stefan

> Hello Stefan,
>
> as discussed on Monday (https://wiki.ipfire.org/devel/telco/2022-01-03),
> I tested version 8 of the "IDS multiple provider" feature you developed.
> First of all, thank you very much for all the efforts you have put into
> this!
>
> As you told me on the phone the other day, I downloaded the .tar.gz file,
> and extracted it directly into / :
>
> [root@maverick ~]# sha256sum ids-multiple-providers-008.tar.gz
> 8fc42820a833f4a096c311d3e21a28f4a8dac7d772ca9b72ec0fbbbaad65be82  ids-multiple-providers-008.tar.gz
> [root@maverick ~]# tar xvzf ids-multiple-providers-008.tar.gz -C /
> usr/share/suricata/rules/app-layer-events.rules
> var/ipfire/langs/
> etc/
> var/ipfire/backup/
> usr/share/suricata/rules/stream-events.rules
> usr/share/suricata/rules/files.rules
> usr/share/suricata/rules/http-events.rules
> usr/share/
> usr/share/suricata/classification.config
> var/ipfire/suricata/oinkmaster.conf
> usr/share/suricata/rules/decoder-events.rules
> srv/
> usr/share/suricata/rules/nfs-events.rules
> usr/
> usr/local/bin/update-ids-ruleset
> etc/suricata/suricata.yaml
> usr/share/suricata/threshold.config
> var/ipfire/langs/de.pl
> var/ipfire/backup/bin/backup.pl
> usr/local/
> usr/share/suricata/rules/smb-events.rules
> var/ipfire/backup/bin/
> usr/share/suricata/rules/dhcp-events.rules
> usr/local/bin/
> usr/share/suricata/rules/modbus-events.rules
> var/ipfire/ids-functions.pl
> usr/share/suricata/rules/ntp-events.rules
> var/ipfire/langs/en.pl
> var/ipfire/suricata/
> usr/share/suricata/rules/dnp3-events.rules
> usr/share/suricata/reference.config
> usr/share/suricata/rules/smtp-events.rules
> usr/share/suricata/rules/
> var/ipfire/backup/include
> srv/web/ipfire/
> usr/share/suricata/rules/kerberos-events.rules
> usr/sbin/convert-ids-multiple-providers
> usr/share/suricata/
> srv/web/
> usr/share/suricata/rules/ipsec-events.rules
> srv/web/ipfire/cgi-bin/ids.cgi
> usr/sbin/convert-snort
> srv/web/ipfire/cgi-bin/
> var/ipfire/
> usr/sbin/
> usr/share/suricata/rules/tls-events.rules
> var/
> etc/suricata/
> usr/share/suricata/rules/dns-events.rules
> var/ipfire/suricata/ruleset-sources
>
> Afterwards, I updated the language cache and ran the convert script:
>
> [root@maverick ~]# update-lang-cache
> [root@maverick ~]# /usr/sbin/convert-ids-multiple-providers
> The  does not exist. Cannot change the ownership!
>
> Aside from the message emitted by /usr/sbin/convert-ids-multiple-providers
> (bug #12758 has been filed for investigating on this one), I came across
> a file permission error while writing
> /var/ipfire/suricata/suricata-default-rules.yaml (see bug #12759 for
> details).
>
> Apart from these, the CGI looks good, is sufficiently translated
> (sometimes, "zurück" is spelled in capital letters, sometimes, it is
> not - but that's merely an aesthetic issue), and behaves like expected.
> So, I'd treat it as almost being ready for production. :-)
>
> Please take a look at bug #12758 and #12759, and reply to me there if I
> shall provide further information.
>
> Thank you in advance for your efforts.
>
> Thanks, and best regards,
> Peter Müller