Showing posts with label cipherdyne software releases.

Monday, June 4, 2007

Software Release - fwknop-1.8


The 1.8 release of fwknop is ready for download. This release includes major new functionality to allow fwknop to function in server mode with ipfw firewalls on *BSD systems, and the fwknop client now runs on Windows systems under Cygwin. Here is the ChangeLog:
  • Added support for ipfw firewalls (found on *BSD systems). The IPTables::Parse and IPTables::ChainMgr modules are not installed on such systems.
  • Added gpg-agent support for both the fwknop client and fwknopd SPA server.
  • Updated client-only installation mode to restrict perl module installation to those modules that are actually required by the fwknop client. This results in clean installs of the fwknop client on Windows systems running Cygwin.
  • Added --Defaults to install.pl so that fwknop can be installed without prompting the user to answer any questions. This is to make it easier to install fwknop on the Source Mage Linux distro.
  • Consolidated daemon config files into the fwknop.conf file (except for the access.conf file). This simplifies the configuration of fwknop.
  • Added recursive variable resolution in the parsing routines for the fwknop.conf file. This allows variable values to contain embedded variables.
  • Added init script for FreeBSD systems.
  • Added --BSD-install command line argument to install.pl. This is not normally necessary since the installer should detect installations on *BSD systems, but this option can force this behavior.
  • Updated knopmd and knopwatchd to use safe_malloc() instead of malloc().
  • Bugfix to never time out rules from SOURCE blocks with FW_ACCESS_TIMEOUT set to zero.

Monday, May 28, 2007

Software Release - psad-2.0.7


The 2.0.7 release of psad is ready for download. This is a minor bugfix release, and here is the ChangeLog:
  • Bugfix to define a custom 'source' definition for syslog-ng daemons - this fixes a problem on SuSE systems where the existing syslog-ng reconfig caused the daemon to not start.
  • Bugfix to allow specific signatures to be ignored by setting SID values of zero in /etc/psad/snort_rule_dl.
  • Added -X command line argument to allow the user to delete any psad chains (in auto-response mode). This is a synonym for the iptables -X command line argument.

Software Release - gpgdir-1.2


The 1.2 release of gpgdir is ready for download. This release concentrates on getting gpgdir to function on non-Linux systems - specifically Windows under Cygwin and FreeBSD. Here is the ChangeLog:
  • Added support for installing gpgdir on Windows under Cygwin (via the install.pl script). Installing gpgdir on FreeBSD systems also works.
  • Added support for installing gpgdir within a user home directory without the need for root access (this requires installing gpgdir with the install.pl script).
  • Added --agent to have gpgdir acquire the gpg key password from a running gpg-agent instance.
  • Added --no-password so gpgdir can use a gpg key with no associated password (this is not common). The user is not prompted for a password in this case.

Saturday, April 21, 2007

fwsnort-1.0 release


The 1.0 release of fwsnort is ready for download. This release is a major update that adds the ability to build an iptables policy against the NFQUEUE or QUEUE targets in order to perform preliminary content matching in the Linux kernel using the iptables string match extension. Here is the full ChangeLog:

  • Major update to include support for the NFQUEUE and QUEUE targets with new command line options --NFQUEUE and --QUEUE. This changes the default LOG target to the NFQUEUE or QUEUE targets instead, and at the same time builds a parallel Snort rule set in the /etc/fwsnort/snort_rules_queue directory. Every Snort rule in this directory has at least one "content" keyword, which fwsnort uses in the resulting iptables policy. This policy only sends those packets to snort_inline via the NFQUEUE or QUEUE target that match a content field within some Snort rule. The end result is that snort_inline should run faster because the vast majority of packets (which are not malicious) are processed via the Linux kernel without ever having to be sent to userspace for analysis. There is a tradeoff here in terms of attack detection; snort_inline does not receive all packets associated with a stream, so it cannot detect attacks quite as effectively (snort_inline does not have an opportunity to look at reassembled buffers). However, this tradeoff may be acceptable for large sites where performance is more important.
  • Bug fix to remove any existing jump rules from the built-in INPUT, OUTPUT, and FORWARD chains before creating new jump rules. This allows the fwsnort.sh script to be executed multiple times without creating a new jump rule into the fwsnort chains for each execution.
  • Added the -X command line argument to allow fwsnort to delete all of the fwsnort chains; this emulates the iptables command line argument of the same name.
  • Minor output enhancements and bugfixes to give more insight into the translation process. For example, if fwsnort is run in --snort-sid mode but is unable to translate the specified signatures, the user is notified. Also, any existing /etc/fwsnort/fwsnort.sh script is not archived and erased until fwsnort is actually going to write a new one.
  • Added sid values to iptables comment match string.
  • Bugfix for iptables string match --from and --to values to skip past packet headers. This is an approximation until a new --payload option can be added to the string match extension.
  • Added a single iptables rule testing API internally within fwsnort; this adds a measure of consistency and removes some duplicate code.
  • Added fwsnort mailing list at SourceForge.
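
The content pre-filter described in the NFQUEUE/QUEUE ChangeLog entry above can be sketched as follows. This is an added example, not fwsnort's own code: it is a simplified translation that handles only the rule header, `content` and `sid`, and the chain name `EXAMPLE_FWD`, the `sid:<n>` comment format and the sample rules are assumptions constructed for illustration.

```python
import re
import shlex

# Constructed Snort-style rules for illustration; not from any real rule set.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"constructed example A"; content:"/example.cgi"; sid:1000001;)',
    'alert tcp any any -> any 25 (msg:"constructed example B"; content:"|0d 0a|EXAMPLE"; sid:1000002;)',
    'alert icmp any any -> any any (msg:"constructed example C, no content"; itype:8; sid:1000003;)',
]

CHAIN = "EXAMPLE_FWD"  # hypothetical chain name, not fwsnort's own

# key:value; pairs inside the rule's parentheses; quotes around the value are optional
OPT_RE = re.compile(r'(\w+)\s*:\s*"?((?:[^";\\]|\\.)*)"?\s*;')


def rule_options(rule):
    """Return the (key, value) option pairs from a rule's option block."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    return OPT_RE.findall(body)


def to_iptables(rule, queue_target="NFQUEUE"):
    """Build one iptables command that queues only packets matching the rule's content.

    Returns None for rules without a content keyword: the kernel has nothing to
    match on, so such rules stay out of the queue policy.
    """
    header = rule[: rule.index("(")].split()  # action proto src sport -> dst dport
    proto, dport = header[1], header[6]
    opts = rule_options(rule)
    contents = [v for k, v in opts if k == "content"]
    if not contents:
        return None
    sid = next((v for k, v in opts if k == "sid"), "unknown")
    args = ["iptables", "-A", CHAIN, "-p", proto]
    if proto in ("tcp", "udp") and dport.isdigit():
        args += ["--dport", dport]
    for pattern in contents:
        # Snort's |..| hex notation maps onto the string match's --hex-string option
        flag = "--hex-string" if "|" in pattern else "--string"
        args += ["-m", "string", flag, pattern, "--algo", "bm"]
    args += ["-m", "comment", "--comment", f"sid:{sid}", "-j", queue_target]
    return shlex.join(args)


if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(to_iptables(sample))
```

Packets that match none of the generated rules never reach the queue target, which is where both the speed-up and the reduced stream visibility noted in the ChangeLog come from.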