Search found 375 matches

by dnl
December 17th, 2018, 10:36 am
Forum: Development
Topic: Ossec for IPFire
Replies: 45
Views: 14106

Re: Ossec for IPFire

Hi ummeegge, is it possible for me to pull the Wazuh agent component from your installer(s) and run only that on IPFire? I like the idea of Wazuh, but running all those components (as well as most IPFire features and ntopng) would use a lot of resources/power and open a very large attack surface on a r...
by dnl
December 2nd, 2018, 7:31 am
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 29380

Re: Snort Rules Update

??? So, I'm not quite sure how to fix this issue. I changed the code to correct for the issue that was discovered, however, everything is now working as expected except for the fact that the oinkmaster.pl file doesn't appear to be incrementing the version of Snort. Below are the results of running t...
by dnl
December 2nd, 2018, 6:03 am
Forum: IPFire in General
Topic: I wrote an IPFire Security Hardening guide
Replies: 33
Views: 10170

Re: I wrote an IPFire Security Hardening guide

Saiyato wrote:
November 28th, 2018, 9:16 pm
You can find it here: https://wiki.ipfire.org/optimization/st ... _hardening
Thank you for sending the correct link.

I have now updated the first post.
by dnl
December 2nd, 2018, 5:54 am
Forum: IPFire in General
Topic: I wrote an IPFire Security Hardening guide
Replies: 33
Views: 10170

Re: I wrote an IPFire Security Hardening guide

You are most welcome. Thank you for writing the tutorial. You make a very good point concerning SMTP and IMAP; both are common protocols used by spammers. I also like the idea of creating a restrictive policy around SSH, and whitelisting trusted users. Two factor verification and the implementation...
by dnl
November 28th, 2018, 9:46 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Can you describe your procedures step by step to better reproduce this bug so we can possibly ask on the ntopng community for a possible fix. The problem still occurs for me, but I've not kept a list of everything I've changed, sorry! When I have time I'll reset/drop the database and try again from...
by dnl
November 28th, 2018, 9:44 am
Forum: IPFire in General
Topic: I wrote an IPFire Security Hardening guide
Replies: 33
Views: 10170

Re: I wrote an IPFire Security Hardening guide

I would like to start by thanking you for a wonderful guide to hardening IPFire. Your tutorial is concise, accurate, and easy to follow. Thanks very much! On the subject of configuring outgoing firewall rules, a good starting point is to research a subject known as Egress Filtering. I am not certai...
by dnl
November 25th, 2018, 8:49 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Hi again,
ummeegge wrote:
November 23rd, 2018, 10:28 am
Is this persistent or does it only appears sometimes ?
I enabled "Network Discovery" in the preferences and have it running once a day. It seems that feature will override changes made to a host, which is not what I expected.
by dnl
November 23rd, 2018, 1:28 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Hello Ummeegge, I've got a problem where ntop is only showing my BLUE (WiFi) network in dashboards and in the "Local Hosts" page. All my GREEN (wired) network devices do appear in the "All Hosts" page though. Your shell script has set the "--local-networks" option correctly for BOTH networks in /etc...
by dnl
November 22nd, 2018, 9:36 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Thanks ummeegge, your installer is very easy to use.

I've just installed it and will spend a bit of time reading the documentation to understand this application.
by dnl
November 18th, 2018, 8:19 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Thank you for that ummeegge. I'm trying to decide which version to use. Are failures of ntopng likely to cause a problem for standard IPFire functions (routing/firewalling etc), or do they usually only cause ntopng itself to fail? If problems usually only affect ntopng itself, then I'll help try you...
by dnl
November 18th, 2018, 5:54 am
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 29380

Re: Snort Rules Update

??? So, I'm not quite sure how to fix this issue. I changed the code to correct for the issue that was discovered, however, everything is now working as expected except for the fact that the oinkmaster.pl file doesn't appear to be incrementing the version of Snort. Below are the results of running t...
by dnl
November 17th, 2018, 10:32 am
Forum: Development
Topic: ntopng for IPFire
Replies: 127
Views: 43327

Re: ntopng for IPFire

Thank you ummeegge, gocart and others for your work on this! I have been wanting to try ntopng for some time but haven't investigated it further. The first post in this thread says: Since gocart has also build packages for ntopng (the stable not the dev version) on IPFire --> https://forum.ipfire.or...
by dnl
November 8th, 2018, 9:56 am
Forum: IPFire in General
Topic: IDS, Intrusion Detection System. What rule provider is best and what rules are best?
Replies: 7
Views: 3330

Re: IDS, Intrusion Detection System. What rule provider is best and what rules are best?

Thanks for the great post TimF. I've still got a lot to learn about using an IDS!
by dnl
November 8th, 2018, 9:54 am
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 10524

Re: IDS Rule updater - with rule state persistance

I agree with DNL, this is so good and important that it should really be included as an official addon! 8) Or are you waiting for this? https://forum.ipfire.org/viewtopic.php?f=27&t=8323&start=75#p120129 Even if the Suricata feature comes with automatic updates, I still like the idea of moving the ...
by dnl
November 8th, 2018, 9:52 am
Forum: IPFire in General
Topic: Snort Rules Update
Replies: 81
Views: 29380

Re: Snort Rules Update

Thanks for that ummegge! I'm looking forward to it. Although do note that "daily" updates aren't as good as "check hourly for an update" because you might get your rules 23 hours late! Late edit: I invested a lot in tuning snort (custom threshold.conf). Suricata is not a valid option unless the tun...