Search found 4556 matches

by ummeegge
December 9th, 2018, 7:58 pm
Forum: General Questions
Topic: Displaying a host's current connections
Replies: 3
Views: 240

Re: Displaying a host's current connections

Hello 2U1C1D3, a question about the installer you created: the package "json-c", is that Java or does it have something to do with it? I actually have absolutely nothing to do with Java and only have in the back of my mind that it is a constantly criticized security risk. Could you give me some info on that with...
by ummeegge
December 9th, 2018, 7:27 pm
Forum: Development
Topic: unbound - forwarder in local.d - dot
Replies: 4
Views: 499

Re: unbound - forwarder in local.d - dot

Hi all, - rudimentary DNSSEC check (information only) has been added to initscript --> https://gitlab.com/ummeegge/dot-for-ipfire/commit/bf16858a6308f90c3ce2ee481f40e4c095b8c730 . - DoT config has been updated --> https://gitlab.com/ummeegge/dot-for-ipfire/commit/4b9f8cbf239324a0f749480bf97f514c0e64...
by ummeegge
December 7th, 2018, 3:17 pm
Forum: IPFire in General
Topic: DNS security hardening
Replies: 7
Views: 390

Re: DNS security hardening

Hi, two more things which I have currently in mind/testing and wanted to pin it here for a possible hardening/optimization discussion. 1) QNAME minimization: -> https://tools.ietf.org/html/rfc7816 . Tested with current IPFire core 125 and got a "NO - QNAME minimisation is NOT enabled on your resolve...
by ummeegge
December 7th, 2018, 6:55 am
Forum: VPN
Topic: OpenVPN: RW2N - All IP traffic through the VPN tunnel
Replies: 3
Views: 98

Re: OpenVPN: RW2N - All IP traffic through the VPN tunnel

Take another look at the last link above. In combination with firewall.local --> https://wiki.ipfire.org/configuration/f ... wall.local you can try whether that gets you to your goal.

UE
by ummeegge
December 7th, 2018, 5:54 am
Forum: IPFire in General
Topic: MTU settings with OpenVPN, IDS and Guardian
Replies: 1
Views: 98

Re: MTU settings with OpenVPN, IDS and Guardian

Hello Barkingdoggy, if you use UDP you can leave the Tun-MTU at 1500 but you should manage the package size then via "Fragment" (UDP size - set there a value) and "Mssfix" (TCP size - setting there a hook uses the same value then fragment) <-- https://wiki.ipfire.org/configuration/services/openvpn/c...
by ummeegge
December 7th, 2018, 5:40 am
Forum: VPN
Topic: OpenVPN: RW2N - All IP traffic through the VPN tunnel
Replies: 3
Views: 98

Re: OpenVPN: RW2N - All IP traffic through the VPN tunnel

Hello Holger, if you use the conventional mode ("Conventional Mode" --> https://wiki.ipfire.org/configuration/network/proxy/wui_conf/settings ), an entry for the OpenVPN transport network is needed under "Network-based access control" --> https://wiki.ipfire.org/configuration/networ...
by ummeegge
December 4th, 2018, 1:34 pm
Forum: Introduction, Polls for Addons & Feature Requests
Topic: OSSEC - HIDS with active response, log management and e-mail notification
Replies: 97
Views: 27945

Re: OSSEC - HIDS with active response, log management and e-mail notification

Hello everyone,
3.1.0 --> https://github.com/ossec/ossec-hids/blo ... /CHANGELOG is up.

I no longer do updates for 32-bit (3.0 is still available for 32-bit), but OSSEC for ARM is available in return.

Regards,

UE
by ummeegge
December 3rd, 2018, 8:25 am
Forum: IPFire in General
Topic: DNS security hardening
Replies: 7
Views: 390

Re: DNS security hardening

Hi Saiyato, as promised, in here --> https://people.ipfire.org/~ummeegge/ldns/ you can find ldns for ARM. Have used also '--with-examples' and '--with-pyldns' in configure so the following binaries: /usr/bin/drill /usr/bin/ldns-chaos /usr/bin/ldns-compare-zones /usr/bin/ldns-config /usr/bin/ldns-dan...
by ummeegge
November 30th, 2018, 10:14 am
Forum: General Questions
Topic: SSH port wrong after update 125
Replies: 7
Views: 232

Re: SSH port wrong after update 125

Hello Alternarivende,
I can confirm that here as well.

Will you open a bug in Bugzilla?

Regards,

UE
by ummeegge
November 29th, 2018, 7:35 pm
Forum: IPFire in General
Topic: OpenVPN - New attack via compression vulnerability (Voracle)
Replies: 2
Views: 578

Re: OpenVPN - New attack via compression vulnerability (Voracle)

Great summary, thanks for that. If you are motivated/interested in that matter we started in here --> https://forum.ipfire.org/viewtopic.php?f=16&t=21895#p120696 to collect some ideas for possible checks in OpenVPN server.conf for a, let's say, inventory of the existing :) . If you have some further...
by ummeegge
November 29th, 2018, 5:59 am
Forum: IPFire in General
Topic: DNS security hardening
Replies: 7
Views: 390

Re: DNS security hardening

Hi, There's one other thing I don't understand, I will add it to the questions. When I configure unbound, what do the DNS settings in "setup\Network configuration\DNS and Gateway settings" mean? Will they be overwritten by the unbound config? Or are those for the IPFire instance itself, even though i...
by ummeegge
November 28th, 2018, 6:58 pm
Forum: VPN
Topic: OpenVPN configuration recommendation
Replies: 11
Views: 374

Re: OpenVPN configuration recommendation

Ouch, but is the naming of variables subject to English spelling rules ^-^ ? But thanks for the hint.

Regards,

UE
by ummeegge
November 28th, 2018, 6:56 pm
Forum: IPFire in General
Topic: DNS security hardening
Replies: 7
Views: 390

Re: DNS security hardening

Hi Saiyato, and thanks for writing all that together. As a result of some threads which you have also posted above, I tried also a little more in that topic. You can find in here --> https://forum.ipfire.org/viewtopic.php?f=50&t=21954 some further testings and also some encountered problems with the...
by ummeegge
November 27th, 2018, 4:55 pm
Forum: Development
Topic: unbound - forwarder in local.d - dot
Replies: 4
Views: 499

Re: unbound - forwarder in local.d - dot

Hi Mapa, I think unbound uses the TTL from the DNS record if no 'cache-min|max-ttl' value has been defined. Some TTLs are e.g. 300 seconds so it would not make much sense to store them on disk. You can (not only --> https://abridge2devnull.com/posts/2016/03/unbound-dns-server-cache-control/ ) overvi...