Search found 340 matches

by dnl
May 19th, 2019, 5:36 am
Forum: IPFire in General
Topic: Core 131 Suricata status page?
Replies: 5
Views: 205

Re: Core 131 Suricata status page?

Davidvt, I suspect that's a coincidence. Have you had a chance to look later and see if the pattern repeats? Arne, Could you please respond to my previous post when you're able? I didn't realise the change to Suricata would have such a dramatic impact. (I imagine it's switching away from guardian wh...
by dnl
May 19th, 2019, 5:34 am
Forum: IPFire in General
Topic: IPS: Who chooses the default enabled rules in a ruleset?
Replies: 0
Views: 63

IPS: Who chooses the default enabled rules in a ruleset?

This is a general question and not specific to the (great!) change to Suricata in the latest release. Who selects which rules are enabled by default in a ruleset? Is this from the provider of the ruleset (Emerging Threats and Talos) or IPFire? Do the default rules change over time? So if I enabled t...
by dnl
May 18th, 2019, 12:06 pm
Forum: IPFire in General
Topic: Core 131 with Guardian
Replies: 3
Views: 132

Re: Core 131 with Guardian

It's worth keeping up with the blog: https://blog.ipfire.org/post/ipfire-2-23-core-update-131-released The guardian add-on is no longer required any more for the IDS to work but still provides means against SSH brute-force attacks and brute-force attacks against the IPFire Web UI. On a related note:...
by dnl
May 18th, 2019, 11:58 am
Forum: IPFire in General
Topic: Core 131 Suricata status page?
Replies: 5
Views: 205

Re: Core 131 Suricata status page?

Suricata is not blocking by IP Addresses. If traffic matches a rule it will be blocked. In my opinion, that means that a major advantage of the IPS has been lost. I want to block suspicious internet IPs (RED interface) which trigger rules. For example if a port scan rule is triggered, I don't want th...
by dnl
February 9th, 2019, 10:50 am
Forum: IPFire in General
Topic: Newbie needs help with IPFire Security hardening
Replies: 3
Views: 543

Re: Newbie needs help with IPFire Security hardening

PS: If you have a specific question about hardware, it might be best to write a new thread about it.
by dnl
February 9th, 2019, 10:38 am
Forum: IPFire in General
Topic: Newbie needs help with IPFire Security hardening
Replies: 3
Views: 543

Re: Newbie needs help with IPFire Security hardening

I followed this manual: https://wiki.ipfire.org/optimization/start/security_hardening # (Many thanks to the Author of the hardening guide: https://forum.ipfire.org/viewtopic.php?f=27&t=15151&start=30 ) Thank you! -I don't use the Intrusion Detection System or URL-Filter because I think my IPFire-Har...
by dnl
December 30th, 2018, 3:19 am
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 14
Views: 1442

Re: Ipfblocklist (IP Blocklists for IPFire)

TimF wrote:
December 29th, 2018, 4:34 pm
The plan is to include this functionality into IPFire.
Awesome! 8)
by dnl
December 29th, 2018, 9:10 am
Forum: IPFire in General
Topic: Permanently block external ICMP only [SOLVED]
Replies: 6
Views: 2016

Re: Permanently block external ICMP only [SOLVED]

Updated the wiki page and added a section briefly explaining the -i interface option. https://wiki.ipfire.org/en/optimization/ping/start I was just updating my documentation and it appears in the past year someone has deleted my page of instructions - they're not at the new URL :( https://wiki.ipfi...
by dnl
December 22nd, 2018, 4:20 am
Forum: Development
Topic: Ossec for IPFire
Replies: 34
Views: 9243

Re: Ossec for IPFire

ummeegge wrote:
December 21st, 2018, 5:12 am
yes an agent package is provided.

Did an update to Wazuh 3.7.2 now but it is currently not up. I will build new versions only for 64bit, have dropped 32bit versions.
Thank you. I don't use 32bit Linux any longer.
by dnl
December 20th, 2018, 8:26 am
Forum: Development
Topic: Ossec for IPFire
Replies: 34
Views: 9243

Re: Ossec for IPFire

Hello ummeegge, I'm sorry that I was not clear. You have not understood what I meant. I'm after an agent package for Wazuh for IPFire as I intend to run a master elsewhere. Is that something you have packaged? Also running *any* software is a risk. I have no concerns about Wazuh or the components th...
by dnl
December 17th, 2018, 10:36 am
Forum: Development
Topic: Ossec for IPFire
Replies: 34
Views: 9243

Re: Ossec for IPFire

Hi ummeegge, Is it possible for me to pull the Wazuh agent component from your installer(s) and run only that on IPFire? I like the idea of Wazuh, but running all those components (as well as most IPFire features and ntopng) would use a lot of resources/power and open a very large attack surface on a r...
by dnl
December 2nd, 2018, 7:31 am
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 24398

Re: Snort Rules Update

??? So, I'm not quite sure how to fix this issue. I changed the code to correct for the issue that was discovered, however, everything is now working as expected except for the fact that the oinkmaster.pl file doesn't appear to be incrementing the version of Snort. Below are the results of running t...
by dnl
December 2nd, 2018, 6:03 am
Forum: IPFire in General
Topic: I wrote an IPFire Security Hardening guide
Replies: 33
Views: 7854

Re: I wrote an IPFire Security Hardening guide

Saiyato wrote:
November 28th, 2018, 9:16 pm
You can find it here: https://wiki.ipfire.org/optimization/st ... _hardening
Thank you for sending the correct link.

I have now updated the first post.
by dnl
December 2nd, 2018, 5:54 am
Forum: IPFire in General
Topic: I wrote an IPFire Security Hardening guide
Replies: 33
Views: 7854

Re: I wrote an IPFire Security Hardening guide

You are most welcome. Thank you for writing the tutorial. You make a very good point concerning SMTP and IMAP; both are common protocols used by spammers. I also like the idea of creating a restrictive policy around SSH, and whitelisting trusted users. Two factor verification and the implementation...
by dnl
November 28th, 2018, 9:46 am
Forum: Development
Topic: ntopng for IPFire
Replies: 123
Views: 27058

Re: ntopng for IPFire

Can you describe your procedures step by step to better reproduce this bug so we can possibly ask on the ntopng community for a possible fix. The problem still occurs for me, but I've not kept a list of everything I've changed, sorry! When I have time I'll reset/drop the database and try again from...