Enabling IDS renders ARM version unbootable, is it fixed?
- Posts: 1
- Joined: August 7th, 2015, 12:21 am
Enabling IDS renders ARM version unbootable, is it fixed?
I've been looking for a firewall distro with an ARM port and found IPFire. I also wanted to enable an IDS, but this article http://chuckscoolreviews.blogspot.com/2 ... na-pi.html says enabling IDS renders IP-Fire unbootable because of a kernel panic. Before I purchase a Banana Pi router, can anyone confirm if this issue has been reported and addressed?
Re: Enabling IDS renders ARM version unbootable, is it fixed?
IDS will not work with ARM. The problem still exists, and it forced me to change the software on the Banana R1 (Lamobo) to another.
It has something to do with kernel 3.14, but on openwrt it works.
https://bugzilla.ipfire.org/show_bug.cgi?id=10770#c16

Re: Enabling IDS renders ARM version unbootable, is it fixed?
It is a grsecurity related problem and we get no support for this. At the moment I'm thinking about removing grsecurity on arm kernels...
Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small arm boards because many rules need much CPU power and RAM.
Arne
Support the project on the donation!



PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.
Re: Enabling IDS renders ARM version unbootable, is it fixed?
Hello Arne.F,
Arne.F wrote: Also keep in mind that snort needs many system resources, so it does not really make sense to run it on small arm boards because many rules need much CPU power and RAM.
In my opinion, this depends on the ARM board you have in use, the number and complexity of the enabled rules and on how many interfaces snort is active.
Of course, running snort on a board with 256 MByte RAM is not that funny, but with 1 GB it works fine...
Best regards,
Timmothy Wilson
Re: Enabling IDS renders ARM version unbootable, is it fixed?
On current nightly builds IDS seems to be working now. http://nightly.ipfire.org/next/
It looks like the problem was a compiler bug because we have not changed kernel or snort, only updated gcc.
Arne
Re: Enabling IDS renders ARM version unbootable, is it fixed?
Hello Arne.F,
thanks for your reply. At the moment I have no testing system at hand, so I cannot check it out.
But indeed I am very happy about this being fixed (or will be fixed in the future).
Best regards,
Timmothy Wilson
Re: Enabling IDS renders ARM version unbootable, is it fixed?
Hello Arne,
I've just read the release notes of the new testing version (core 100). Since I am not sure if I understood right, does the following snippet indicate that snort was recompiled with a new gcc version?
Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2
Best regards,
Timmothy Wilson
- MichaelTremer
- Core Developer
- Posts: 5799
- Joined: August 11th, 2005, 9:02 am
Re: Enabling IDS renders ARM version unbootable, is it fixed?
Well, he sent you this information in the bug report earlier. You didn't test back then. We know that it is working now on some ARM machines, it could well be that it is not working everywhere. That's what we get when there is no feedback.
Support the project with our Donation Challenge!
Get Commercial Support for IPFire and more from Lightning Wire Labs!

Re: Enabling IDS renders ARM version unbootable, is it fixed?
Feedback: BananaPi Router (Lamobo R1) - installed Core 100, enabled SNORT (with emergingthreats.net) on RED and GREEN - works fine. During Reboot it takes ages until IPFire is available again (8-12 minutes), but it works. Reboot without SNORT enabled is much faster...