* Update for Snort and daq
From: Erik K. @ 2012-11-01 16:16 UTC
To: development
Hi all,
I want to inform you that I have committed an update to the latest version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot of changes; for example, the configuration file of Snort has been changed, and there are also a couple of new rules included and some more. Patches and an .iso image with both updates can be found in the bug tracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
Please test it and leave some feedback.
Thanks and greetings
Erik
* Re: Update for Snort and daq
From: Michael Tremer @ 2012-11-01 16:52 UTC
To: development
Hey,
I would love to see some people testing this, because snort is scheduled
for the next core update.
Arne is going to merge this soon and so I guess that there will be a few
days until this appears in the testing tree.
Michael
On Thu, 2012-11-01 at 17:16 +0100, Erik K. wrote:
> Hi all,
> I want to inform you that I have committed an update to the latest version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot of changes; for example, the configuration file of Snort has been changed, and there are also a couple of new rules included and some more. Patches and an .iso image with both updates can be found in the bug tracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
>
> Please test it and leave some feedback.
>
> Thanks and greetings
>
> Erik
>
>
* Re: Update for Snort and daq
From: Erik K. @ 2012-11-01 19:28 UTC
To: development
Hi Michael,
I have tested some ICMP and shellcode rules. The rules need to be activated for special purposes by clicking the category and selecting the specifics. The test has been done with the VRT Sourcefire rules (for registered users); so far the alerts are working and they are also displayed by the WUI. But I think it is important that more testing environments go for a checkout.
Also I have checked the logs for specific warnings and errors, and I haven't found any errors or heavy warnings, only some old well-known messages which don't constrain the functionality of Snort.
But as I said, the more people are testing, the better it is.
Erik
On 01.11.2012 at 17:52, Michael Tremer wrote:
> Hey,
>
> I would love to see some people testing this, because snort is scheduled
> for the next core update.
>
> Arne is going to merge this soon and so I guess that there will be a few
> days until this appears in the testing tree.
>
> Michael
>
> On Thu, 2012-11-01 at 17:16 +0100, Erik K. wrote:
>> Hi all,
>> I want to inform you that I have committed an update to the latest version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot of changes; for example, the configuration file of Snort has been changed, and there are also a couple of new rules included and some more. Patches and an .iso image with both updates can be found in the bug tracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
>>
>> Please test it and leave some feedback.
>>
>> Thanks and greetings
>>
>> Erik
>>
>>
>
* Re: Update for Snort and daq
From: arne_f @ 2012-11-02 11:36 UTC
To: development
Hi Erik,
can you check the rootfiles of snort again? You have additionally
included the shared libraries of the dynamic preprocessor and similar
things, but the whole folder is also in the rootfile, so the libraries
are tarred twice into the package.
Arne
On Thu, 1 Nov 2012 17:16:26 +0100, Erik K. <ummeegge(a)ipfire.org> wrote:
> Hi all,
> I want to inform you that I have committed an update to the latest
> version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot
> of changes; for example, the configuration file of Snort has been
> changed, and there are also a couple of new rules included and some more.
> Patches and an .iso image with both updates can be found in the
> bug tracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
>
> Please test it and leave some feedback.
>
> Thanks and greetings
>
> Erik
>
>
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
* Re: Update for Snort and daq
From: Stefan Schantl @ 2012-11-03 13:51 UTC
To: development
Hello Erik,
I've downloaded your image and installed it on a Virtual Machine.
I set up the new snort with the ruleset from emergingthreats.net without
any problems.
I activated the scan rules and tested them by scanning the system with
nmap - snort successfully generated messages in the alert log file.
I also tested whether guardian also works with the new version of snort, and
the IP address of the "nmap system" has been blocked.
Best regards,
Stefan
> Hi Michael,
> I have tested some ICMP and shellcode rules. The rules need to be activated for special purposes by clicking the category and selecting the specifics. The test has been done with the VRT Sourcefire rules (for registered users); so far the alerts are working and they are also displayed by the WUI. But I think it is important that more testing environments go for a checkout.
> Also I have checked the logs for specific warnings and errors, and I haven't found any errors or heavy warnings, only some old well-known messages which don't constrain the functionality of Snort.
>
> But as I said, the more people are testing, the better it is.
>
> Erik
>
> On 01.11.2012 at 17:52, Michael Tremer wrote:
>
>> Hey,
>>
>> I would love to see some people testing this, because snort is scheduled
>> for the next core update.
>>
>> Arne is going to merge this soon and so I guess that there will be a few
>> days until this appears in the testing tree.
>>
>> Michael
>>
>> On Thu, 2012-11-01 at 17:16 +0100, Erik K. wrote:
>>> Hi all,
>>> I want to inform you that I have committed an update to the latest version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot of changes; for example, the configuration file of Snort has been changed, and there are also a couple of new rules included and some more. Patches and an .iso image with both updates can be found in the bug tracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
>>>
>>> Please test it and leave some feedback.
>>>
>>> Thanks and greetings
>>>
>>> Erik
>>>
>>>