Betatest Guardian 2.0
Message ID | d203cd0d-5e4b-93b1-9437-8cbf033d8edb@ipfire.org |
---|---|
State | Accepted |
Headers | Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (hedwig.ipfire.org [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id C34B361D6D for <patchwork@ipfire.org>; Wed, 20 Jul 2016 16:28:19 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 522A7225A; Wed, 20 Jul 2016 16:28:17 +0200 (CEST) Received: from [192.168.100.1] (p57905EB1.dip0.t-ipconnect.de [87.144.94.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 59AC6178C; Wed, 20 Jul 2016 16:28:10 +0200 (CEST) Subject: Re: Betatest Guardian 2.0 To: Stefan Schantl <stefan.schantl@ipfire.org>, development@lists.ipfire.org References: <1468850466.4663.63.camel@ipfire.org> <1469021628.22228.8.camel@ipfire.org> From: Matthias Fischer <matthias.fischer@ipfire.org> Organization: None Message-ID: <d203cd0d-5e4b-93b1-9437-8cbf033d8edb@ipfire.org> Date: Wed, 20 Jul 2016 16:28:48 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <1469021628.22228.8.camel@ipfire.org> Content-Type: multipart/mixed; boundary="------------EA12CC2C2B1ABF888802117C" X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Matthias Fischer
July 21, 2016, 12:28 a.m. UTC
On 20.07.2016 15:33, Stefan Schantl wrote:
> Hello testers,

Hi Stefan,

> I've uploaded a new test version (003).

Thanks! ;-)

> Update or fresh install works as described in the announcement mail.
>
> The Changelog can be found here:
>
> http://people.ipfire.org/~stevee/guardian-2.0/Changelog.txt
>
> At the moment I'm missing feedback for the following functions:
>
> * Manually blocking / unblocking addresses.

Tested - seems to work. Manually added to block list: "Connection timed out". Unblocked: Runs at once. Log says: "<info> Socket - User-requested action."

> * Dealing with the ignore list.

Added my own IP and tried to login - with wrong password. Log says:

"16:12:37 guardian[5773]: <info> Reloading ignore list...
16:12:57 guardian[5773]: <info> Ignoring event for 192.XXX.YYY.ZZZ, because it is part of the ignore list.
16:13:01 guardian[5773]: <info> Ignoring event for 192.XXX.YYY.ZZZ, because it is part of the ignore list.
16:13:05 guardian[5773]: <info> Ignoring event for 192.XXX.YYY.ZZZ, because it is part of the ignore list."

After deleting this entry and after the second attempt (Blockcount = 2) the IP was blocked - tested with my daughter... <EG>

> * Owncloud message parser.

Can't test this here, sorry.

> * Logrotate, there should be a corresponding log entry in the guardian
> logfile after rotation of the logfiles has been done.

Using 'syslog' there was NO rotation entry yesterday, the log just went on.

> * Reload of the ignore list after "Red" has been reconnected. A
> corresponding log entry should also be logged to the logfile there, and the
> new "Red-address" should also be logged as part of the ignore list (if
> you own a dynamically assigned one).

I'm "static", sorry. ;-)

> As always please report your bugs or experience with the new version to
> this list.

One suggestion: The 'ids.cgi' contains the old 'snortrules'-version and an outdated license link (patch attached).

Best,
Matthias

> Best regards,
>
> -Stefan
>
>> Hello mailing list followers,
>>
>> this is the official release announcement for the first beta release of
>> the new Guardian 2.0 approach.
>>
>> - What are the differences to the current version of guardian (legacy)
>> and the first approach of guardian 2.0?
>>
>> The most important difference is that the new version of Guardian 2.0
>> has been completely re-written from scratch and released under the
>> terms of the GPLv3. The legacy version of guardian is not maintained
>> anymore by its developer and the software has been released without
>> any license details at all.
>>
>> Guardian 2.0 has a very modular code base and has been designed as a
>> multi-threaded application. This allows parallel parsing of all
>> monitored logfiles and faster actions if one of the used modules
>> detects an attack.
>>
>> A very important difference to the legacy version is the support for
>> configuring and managing the entire service through the IPFire
>> webinterface. The entire configuration, managing of currently blocked
>> hosts, unblocking them or editing the ignored hosts list can now be
>> done in a graphical way.
>>
>> The legacy version of guardian only supported parsing snort alerts.
>> HTTPD and SSH support was patched in by the IPFire development team
>> some time ago. Guardian 2.0 supports all of them out of the box and
>> includes a filter to detect owncloud login brute-force attempts. As a
>> benefit of the new modular design, additional filters can easily be
>> added.
>>
>> Guardian 2.0 is able to reload its configuration, reload
>> the ignore list during runtime and handle it if the logfiles get
>> rotated by logrotate. These actions can be called by using the
>> webinterface or from the command line interface by using
>> "guardianctrl".
>>
>> These are just a handful of the changes and benefits which come with
>> Guardian 2.0; a complete list would be too long for this mailing list.
>>
>> - How to join testing?
>>
>> To become part of the testing team, simply navigate to
>> http://people.ipfire.org/~stevee/guardian-2.0/ and download the latest
>> tarball (currently 002). Please take care to download the correct one,
>> based on your used architecture. The i585 packages are for 32Bit
>> installations of IPFire, the x86_64 packages can only be used on 64Bit
>> installations.
>>
>> Put the downloaded file on your IPFire test system and extract the
>> package by using "tar -xvf guardian-2.0-002.<arch>.tar.gz -C /".
>>
>> The final installation step would be to regenerate the language cache
>> by executing "update-lang-cache" on the console.
>>
>> From now on you can find a new menu item called "Guardian" in your
>> "Service" menu after you have logged in to your IPFire's webinterface.
>>
>> Documentation can be found on the IPFire wiki:
>> http://wiki.ipfire.org/en/addons/guardian/start#the_guardian_20_addon
>>
>> - Where to post bug reports or provide feedback?
>>
>> If you find any bugs, please report them as usual on the IPFire
>> bugtracker, which can be found at https://bugzilla.ipfire.org.
>>
>> To provide feedback or to join a discussion, please send your mails to
>> "development@lists.ipfire.org" (please register first at
>> http://lists.ipfire.org if not yet done).
>>
>> The source code can be found at
>> http://git.ipfire.org/?p=people/stevee/guardian.git;a=summary
>>
>> Happy testing,
>>
>> -Stefan
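The ignore-list test in the report above (events from an ignore-listed host are skipped, the list can be reloaded at runtime, and a host is blocked once its failure count reaches Blockcount) as a small model; this is an added illustration, not Guardian's own Perl code, and the "Blocking ..." log line format and the 192.0.2.10 address are assumed.

```python
# Model of the ignore-list / block-count behaviour the test report exercises.
# Added illustration, not Guardian's own (Perl) code; the "Blocking ..." log
# line format is assumed, the "Ignoring event ..." line follows the report.
import ipaddress
from collections import Counter

class GuardianModel:
    def __init__(self, blockcount=2, ignore_entries=()):
        self.blockcount = blockcount   # failed events before a host is blocked
        self.blocked, self.counts, self.log = set(), Counter(), []
        self.reload_ignore_list(ignore_entries)

    def reload_ignore_list(self, entries):
        # Runtime reload (guardianctrl / "Red" reconnect). Entries may be
        # addresses or CIDR networks; a bad entry is skipped, not fatal.
        self.ignore = set()
        for entry in entries:
            try:
                self.ignore.add(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                self.log.append(f"<warning> Invalid ignore list entry {entry!r} skipped.")
        self.log.append("<info> Reloading ignore list...")

    def is_ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignore)

    def handle_event(self, ip):
        """Process one failed-login event; return True if ip is (now) blocked."""
        if self.is_ignored(ip):
            self.log.append(f"<info> Ignoring event for {ip}, because it is part of the ignore list.")
            return False
        self.counts[ip] += 1
        if self.counts[ip] < self.blockcount:
            return False
        if ip not in self.blocked:
            self.blocked.add(ip)
            self.log.append(f"<info> Blocking {ip} after {self.counts[ip]} events.")
        return True

def replay_test_report():
    # Constructed replay of the report: three wrong passwords while the tester's
    # address is ignored, then the entry is removed and the address is blocked
    # on the second attempt (Blockcount = 2). 192.0.2.10 (documentation space)
    # stands in for the redacted 192.XXX.YYY.ZZZ.
    g = GuardianModel(blockcount=2, ignore_entries=["192.0.2.10"])
    results = [g.handle_event("192.0.2.10") for _ in range(3)]
    g.reload_ignore_list([])
    results += [g.handle_event("192.0.2.10") for _ in range(2)]
    return results, sorted(g.blocked), g.log
```

Running replay_test_report() yields five decisions, with only the last one True, and a log that carries three "Ignoring event" lines before the block.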