forum.ipfire.org

The Intrusion Detection System WUI page "https://your-ip-fire-here:444/cgi-bin/ids" has a label for a link that is intended to take you to an external website were a new oink code could be generated. However, when clicking on the label, you get a nice looking page at snort.org saying page not found ...

Thanks, I’m sure I saw that info a few weeks back but my limited synapses and neurons forced it to be swapped out to the bit bucket

Rules will also now automatically be updated daily or weekly. Having the latest ruleset allows to detect latest attack vectors and malicious traffic efficiently.

Is there an effort underway to have automatic rule updates for Suricata?
Perhaps a Suricata version of ids-update.pl or ...
this tool: https://suricata-update.readthedocs.io/en/latest/

Here's a generic cookbook for routing all traffic through VPN on your IPFire box https://forum.ipfire.org/viewtopic.php?f=27&t=22302&p=122537&hilit=vpn+service#p123409 Not sure but I suspect you could do something like this: 1) run your normal internet (not-VPN) traffic straight trough your Asus rou...

I have a 3ware 2-port raid controller in a system setup with raid-1. I can get the hard drive S.M.A.R.T. info via the following shell commands: smartctl -a -d 3ware,0 /dev/twa0 smartctl -a -d 3ware,1 /dev/twa0 Is there a configuration change needed to get the S.M.A.R.T. info from the WUI? Currently ...

FWIW, in case you did not see this posting: viewtopic.php?f=52&t=22266

Charles

The issue stems from the switch to Snort version 2.9.12. ids-update.pl fails to get Talos VRT rules from snort.org after upgrading to Core 127. The issue is with the file name string used to read the md5 file at the snort server. The snort server expects a five digit value for version string as part...

Not sure the fix, tried lots of things including: forcing manual rules update with ids-update.pl; stopping/ starting guardian from guardian page and from Status Info ->Addon - Services control; Stopping/Starting Snort; Rebooting ... Anyway, it seems to be working fine now

After update 125 -> 126 several hours ago, list of guardian blocked hosts has remained empty

Special characters in password seems to be the culprit for the segfault -- I switched to a junk email account with simple password and the segfault issue went away. Still not successfully getting mail delivered. Thanks for all the good leads, this will probably keep me busy for a few days

Switching port to 587 was progress. I didn't get the segfault from sendmail and the message appeared to be sent. However, I'm now getting error "Authentication failed: 535 5.7.1 Authentication failed" back from the smtp server ... Nov 9 20:48:37 ipfire dma[e019c.142e340]: trying delivery Nov 9 20:48...

Any clues as to how I might further diagnose the problem here?

If this could help ... Here’s the contents of /var/dma/mail.conf … SENDER=root@ipfire.pookie.home RECIPIENT=cab_77573@yahoo.com USEMAIL=on and /var/dma/dma.conf ... FULLBOUNCE SECURETRANSFER SMARTHOST smtp.mail.yahoo.com STARTTLS AUTHPATH /var/ipfire/dma/auth.conf MAILNAME ipfire.pookie.home SPOOLDI...