Search found 68 matches

by TimF
28 minutes ago
Forum: IPFire in General
Topic: Whitelisted Host Stops Getting White Listed
Replies: 3
Views: 61

Re: Whitelisted Host Stops Getting White Listed

It looks like this is a genuine error - I suggest you raze a ticket in Bugzilla.
by TimF
29 minutes ago
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 27
Views: 1073

Re: Intrusion Prevention System - core 131

This has been mentioned somewhere (unfortunately I can't find the reference at the moment) - Suricata doesn't understand all of the rule syntax that Snort does (at least at the moment). Since Snort defined the rule syntax, it's possible that Suricata will support the additions in the future. In the ...
by TimF
May 20th, 2019, 8:45 pm
Forum: IPFire in General
Topic: [Solved] IPS alert on Traffic Originating/Src IPFire Red0
Replies: 3
Views: 147

Re: [Solved] IPS alert on Traffic Originating/Src IPFire Red0

It does appear to be the facility that hosts cinsscore.com, and that blocklist is downloaded with libwww-perl.

it should be harmless to disable this rule.
by TimF
May 17th, 2019, 4:28 pm
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 27
Views: 1073

Re: Intrusion Prevention System - core 131

You can also look in "Logs/System Logs/Intrusion Prevention". This shows messages related to the running of Suricata, whereas "Logs/IPS Logs" shows alerts due to traffic. If you don't see anything immediately, try going back a couple of days. You can also look in "Logs/System Logs/Oinkmaster" which ...
by TimF
May 17th, 2019, 4:23 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

Hi Roberto,

I've made another attempt.

Tim
by TimF
May 16th, 2019, 7:33 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

Hi Roberto,

It's a problem with the language strings. I've updated the files, and merged onto master (since the build with Suricata has now been released). You should be able to re-install with the fix for the problem.

Tim
by TimF
April 27th, 2019, 2:49 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 7031

Re: IDS Rule updater - with rule state persistance

I've uploaded the uninstaller. You should be able to do:

Code: Select all

wget https://github.com/timfprogs/ipfidsupdate/raw/master/uninstall-idsupdate.sh
chmod +x uninstall-idsupdate.sh
./uninstall-idsupdate.sh
by TimF
April 27th, 2019, 2:46 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

HI Roberto, I've submitted a series of patches to add statusmail to the IPFire core; the changes I've made in github are in preparation for this. Inevitable there are changes to be made between an external add-on, which has to be independent of the system, and one which is properly integrated. So th...
by TimF
April 8th, 2019, 8:33 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

Hi Roberto, At first glance, it doesn't seem to be picking up the settings and language files properly. Can you run check that the language files are in /var/ipfire/addon-lang and run update-lang-cache from the command line. Can you check that there are contact-settings and schedule-settings files i...
by TimF
February 16th, 2019, 6:20 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

Hi Roberto, Unfortunately I've temporarily lost my internet access at home, so I can't upgrade to core 127 and test it myself. There should be no reason why the test mail works and the Status mail doesn't, since they both send mail the same way. When I get my internet access back I'll update to core...
by TimF
February 12th, 2019, 5:17 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 7031

Re: IDS Rule updater - with rule state persistance

You could try looking at the log file in /var/tmp.

Also check the permissions of the files in /etc/snort/rules - they should all be nobody.nobody (I think).

Finally the MANIFEST file on github gives the owner and permissions for all the updater files.
by TimF
February 8th, 2019, 8:37 am
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 7031

Re: IDS Rule updater - with rule state persistance

Unfortunately I've lost my normal internet access which makes responding difficult. Have a look from the command line and see if there's a copy of ids-update.pl running - if there is kill it and hopefully the next update attempt will work. It appears that one of the downloads from the internet can l...
by TimF
December 29th, 2018, 4:34 pm
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 14
Views: 1459

Re: Ipfblocklist (IP Blocklists for IPFire)

The plan is to include this functionality into IPFire. As part of this I'll review the best place to put the blocklists.
by TimF
December 17th, 2018, 8:06 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 49
Views: 2962

Re: Ipfstatusmail (Status emails for IPFire)

Sorry, I'd not looked at my private messages. I've replied now and set up notifications to avoid the problem in the future.
by TimF
December 16th, 2018, 8:48 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 7031

Re: IDS Rule updater - with rule state persistance

I'll set up a test to have a look at it.