Hello Erik,
I've downloaded your image and installed it on a Virtual Machine. Set up the new snort with the ruleset from emergingthreats.net without any problems. I activated the scan rules, and tested them by scanning the system with nmap - snort successfully generated messages in the alert log file.
I also tested whether guardian also works with the new version of snort, and the IP address of the "nmap system" has been blocked.
Best regards,
Stefan
Hi Michael,
I have tested some ICMP and Shellcode rules. The rules need to be activated for special purposes by clicking the category and selecting the specifics. The test has been done with the VRT Sourcefire rules (for registered users); so far the alerts are working and they are also displayed by the WUI. But I think it is important that more testing environments go for a checkout. Also, I have checked the logs for specific warnings and errors and I haven't found any errors or heavy warnings, only some old well-known messages which don't constrain the functionality of Snort.
But as I said, the more people are testing, the better it is.
Erik
On 01.11.2012 at 17:52, Michael Tremer wrote:
Hey,
I would love to see some people testing this, because snort is scheduled for the next core update.
Arne is going to merge this soon and so I guess that there will be a few days until this appears in the testing tree.
Michael
On Thu, 2012-11-01 at 17:16 +0100, Erik K. wrote:
Hi all,
I want to inform you that I have committed an update to the latest version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot of changes, for example the configuration file from Snort has been changed, also there are a couple of new rules contained and some more. Patches and an .iso image with both updates can be found in the Bugtracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
Please test it and leave some feedback.
Thanks and greetings
Erik
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development