OK. Now I have everything working well. Guardian is auto-blocking and allowing me to selectively block and unblock as well as unblock all.
I think the IDS module really needs some kind of default settings for those who want to use it but don't understand the complexities of Snort's rules. I just guessed at things when I set Snort up, but it does produce logs of possible intrusion attempts and Guardian does respond appropriately.
On Sat, Jul 16, 2016 at 2:43 PM, R. W. Rodolico rodo@dailydata.net wrote:
I saw the same issue and filed a bug report (https://bugzilla.ipfire.org/show_bug.cgi?id=11146).
When something like this pops up, I generally https://bugzilla.ipfire.org/show_bug.cgi?id=11146 immediately after the problem shows up; that usually gives some indication of the problem.
As Matthias says, it is a permissions issue on the configuration file directory. Either manually create the files (with correct ownership and permission) or change ownership/permission on the directory. Then, you have a nice, pretty GUI.
I was able to efficiently block myself from the GUI after that. Since I don't know anything about how to test Snort, I'm having problems getting it to block automatically, but that is another issue.
Rod
On 07/16/2016 09:19 AM, Mark Coolen wrote:
I'm a bit confused about that. Why would 2.0-002 be newer than 2.0-010? There's a 2.0-012 under 'old approach' but those files have an older timestamp. The 2.0-002 is a tarball, but the 2.0-010 is an ipfire package as are the 'dependencies'. I've used Guardian 2 several times in the past by just extracting according to the instructions on stevee's ;--) page, but that doesn't seem to work with the 2.0-002 tarball. I just get a completely blank page in the GUI. How do we test?
On Sat, Jul 16, 2016 at 2:59 AM, Matthias Fischer <matthias.fischer@ipfire.org> wrote:
Hi,
Ok, next. Am I right assuming that the '2.0-002'-version at http://people.ipfire.org/~stevee/guardian-2.0/ plus http://people.ipfire.org/~stevee/guardian-2.0/packages/dependencies/ is the latest!?
Best, Matthias
On 16.07.2016 04:03, Mark Coolen wrote:
I'm willing to test it as well. I take it the instructions from http://planet.ipfire.org/post/introducing-guardian-2-0-for-ipfire are still good?
On Fri, Jul 15, 2016 at 8:23 PM, R. W. Rodolico <rodo@dailydata.net> wrote:
Tell me what I need to do to test Guardian. I've never installed it, but I am doing it now.
Rod
On 07/15/2016 05:00 AM, Michael Tremer wrote:
Hi guys,
even if you have a conversation on the phone, please try keeping us in the loop.
So the key points of what I know:
- A release is targeted for core update 104
- There are a few changes required so that re-blocking a host after it has been manually unblocked allows this host the configured number of tries again and not only one.
- Many more testers are required since feedback is really low at this point.
Did I get this right? What is the ETA for a set of patches on the mailing list?
What is the plan to engage more testers?
Best, -Michael
On Thu, 2016-07-14 at 14:36 +0200, Daniel Weismüller wrote:
Hi Stevee, I know you are very busy and working hard on this. But if you want to release the new Guardian 2 with Core 104 we still need to do some work and it must be tested! So please tell us something about the new guardian2 and the state of your work.
Maybe we find more testers here on the list.
Meanwhile I've talked with Michael about the state of guardian2 as I know it, and we both agree that the list of blocked IPs which runs in the background isn't a good idea. Please let us talk by phone about it again.
- Daniel
-- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net