Search found 83 matches

by TimF
November 21st, 2018, 8:08 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 8872

Re: IDS Rule updater - with rule state persistance

The most likely explanation is that some of the old rulefiles in /etc/snort/rules have the wrong permissions. All the files should be owned by nobody and -rw-r--r-- . To fix:

chown nobody.nobody /etc/snort/rules/*
chmod 0644 /etc/snort/rules/*

If that doesn't work, try running /usr/local/bin/ids-upd...
by TimF
November 17th, 2018, 6:15 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 8872

Re: IDS Rule updater - with rule state persistance

Hi Michael, 1) It will update any rulesets that you've previously downloaded, not just the currently selected one. (It looks at the rulefiles in /etc/snort/rules - community.rules is the community rules, emerging-*.rules is Emerging Threats, anything else is Talos VRT). This means that any rules lis...
by TimF
November 11th, 2018, 5:51 pm
Forum: IPFire in General
Topic: drop inputs and newnotsyn
Replies: 3
Views: 600

Re: drop inputs and newnotsyn

The 'newnotsyn' packets are a TCP protocol error. The first (NEW) packet on a TCP connection should have the SYN bit set. Apparently this error can occur either due to a change in address from one of the devices communicating, or due to a faulty software implementation (which apparently Windows is p...
by TimF
November 9th, 2018, 6:34 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 8027

Re: Ipfstatusmail (Status emails for IPFire)

That's correct. You should have a 'Generate' button. Click on that and wait while it generates a key and you should then get the rest of the GUI. I had a bug in the installer which just echoed the chmod and chown commands rather than running them, which is why statusmail.cgi had the wrong permission...
by TimF
November 9th, 2018, 6:25 pm
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 2554

Re: Ipfblocklist (IP Blocklists for IPFire)

Thanks Saiyato, I've merged the change. Raffe, if you download the script again, you will hopefully see the 'pkts', 'bytes' and 'Last updated' fields start to fill with information; although this won't happen until the script starts to run (and it could take a few days for the last blocklists to be d...
by TimF
November 7th, 2018, 9:04 pm
Forum: IPFire in General
Topic: Ipfblocklist (IP Blocklists for IPFire)
Replies: 16
Views: 2554

Re: Ipfblocklist (IP Blocklists for IPFire)

The latest versions of both scripts are set to run hourly, but they check to see if they actually have to do anything in the current hour. This is due to the WUI running as nobody, but needing to be root to change the fcrontab. It would be possible to use a setuid helper script to do the job, but in...
by TimF
November 7th, 2018, 8:58 pm
Forum: IPFire in General
Topic: Ipfstatusmail (Status emails for IPFire)
Replies: 79
Views: 8027

Re: Ipfstatusmail (Status emails for IPFire)

I've uploaded a new version, which should now work. Try installing it again.
by TimF
November 7th, 2018, 8:57 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 8872

Re: IDS Rule updater - with rule state persistance

The settings affect new rules. The script will evaluate new rules against your selected policy and will enable the rule if it's in the selected policy or disable it if not. The default policy is 'Balanced' - this is what you would get if you just downloaded the rule files. It doesn't affect your exi...
by TimF
October 16th, 2018, 7:55 pm
Forum: IPFire in General
Topic: Snort not working [Solved]
Replies: 21
Views: 2667

Re: Snort not working [Solved]

That looks good. You may get the occasional failure - I've got two systems running the script and over the course of several months I've had one MD5SUM check fail and the occasional connection failure, but next time the updater runs it'll correct itself. I've modified the snort -T line in the source...
by TimF
October 13th, 2018, 2:42 pm
Forum: IPFire in General
Topic: Snort not working [Solved]
Replies: 21
Views: 2667

Re: Snort not working

I think it is possibly something to do with your snort.conf file, but I'm not sure it's directly to do with memcap. However it's possible that adding the lines will fix the error. If I'm understanding the documentation, the memcap line in the snort output is generated when one of Snort's internal me...
by TimF
October 12th, 2018, 3:02 pm
Forum: IPFire in General
Topic: Snort not working [Solved]
Replies: 21
Views: 2667

Re: Snort not working

Hopefully this has sorted itself out by now. You probably had a glitch in the download, which the MD5 sum check detected. It should have retried the download the next time the script ran.
by TimF
October 12th, 2018, 3:01 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 8872

Re: IDS Rule updater - with rule state persistance

The version 3 changes work, so I merged them onto the master branch and I modified the updater on that branch. So the version 3 branch is now obsolete.
by TimF
October 6th, 2018, 11:58 am
Forum: IPFire in General
Topic: Snort not working [Solved]
Replies: 21
Views: 2667

Re: Snort not working

Yes, the warnings should disappear - once the warnings have updated (provided the appropriate rules are enabled in the emerging-policy.rules and emerging-info.rules rulefiles). The warnings are updated whenever the script downloads an update - it gathers the necessary information as part of the proc...
by TimF
October 5th, 2018, 5:49 pm
Forum: IPFire in General
Topic: Snort not working [Solved]
Replies: 21
Views: 2667

Re: Snort not working

Sorry for the long wait before replying. Flowbits are used to convey information between rules. For example there are a number of rules that look for problems with PDF files; rather than duplicate the code that determines whether network traffic represents the download of a PDF file in each of these...
by TimF
October 5th, 2018, 5:30 pm
Forum: IPFire in General
Topic: IDS Rule updater - with rule state persistance
Replies: 58
Views: 8872

Re: IDS Rule updater - with rule state persistance

Hello,

There's some code in the installer that is meant to stop it downloading files unless they belong to a newer version than the version that's installed. That's probably the reason the installer seems not to work.

I've removed it because I don't think it's really necessary.