Snort mailing list archives

Re: Guardian Overhaul


From: Nick Rogness <nick () rapidnet com>
Date: Fri, 28 Sep 2001 13:02:56 -0600 (MDT)

On Fri, 28 Sep 2001, Nick Rogness wrote:

        DAMN!  I overhauled based on guardian-1.3.0 which was available
        via www.snort.org.  You can add "merge changes from 1.4" to the
        things todo list.  Sorry bout that.

        Most of the "TODO" list should be done this weekend.


Well, I've spent the last couple of days redoing guardian.  Here is
the list of added enhancements:

 -FreeBSD ipfw support (specify firewallType in conf file)
 -Firewall interface
      - Max Firewall rule size 
      - An expire timer that runs (old guardian didn't expire properly)
      - Ability to handle multiple Class C (or smaller) targets
      - Reuse of Firewall rules (FreeBSD only)
      - Easy to add other Firewall tools (send requests)
 -IPFilter support (Should be done real soon)
 -See what IP's are blocked with SIGUSR2 signal (without flushing fw)
 -Better error checking
 -Better logging
 -General bug fixes

I have tarballed  it up at:

http://freebsd.rogness.net/snort/guardian-2.0b.tgz

Things that still need to be done:

 -Official documentation (man pages, README, etc)
 -Bug reports/fixes (especially Linux people...don't have Linux)
 -Commenting
 -Better loading (PM's maybe?)
 -Ignoring Anomalies
 -PreProcessor log recognition
 -Other stupid stuff ;-)

I didn't update any of the docs (with the exception of guardian.conf)
to reflect my changes.  I figured with nimda on the loose people could
use this in a hurry.  All should be fixed this weekend (yes IPF support
too). For all you FreeBSD lovers out there, I will make a 'port' out
of it this weekend.



Nick Rogness
nick () rapidnet com
RapidNet Internet Services


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

