Thursday, December 31, 2009

Suricata Release

We have done it! We have released the first version of our brand-spanking new IDP engine named Suricata. For more info please see the official release announcement on the OISF website. Everybody on the team has been working hard day and night for these last six months to get this far.

As Victor mentioned in his post, if you find a bug or have any feedback, please don't hesitate to let us know via the project's Redmine page.

Sunday, November 29, 2009

Very quick look at zero-copy bpf in FreeBSD 8.0

So it appears as if they have finally integrated zero-copy BPF support into FreeBSD 8.0. I have not had any time to do any real performance tests, but I thought I would throw up a few quick notes about it. Zero-copy BPF is not enabled by default; to enable it you must do the following.

sysctl net.bpf.zerocopy_enable=1

Once you set this option you can fire up any libpcap-based application and it should use the zero-copy functionality. It appears there was a patch to netstat that wasn't integrated for the 8.0 release but can be found here. A few small fixes, namely converting the %lu printf format specifiers to %llu, will give you a netstat that produces stats about zero-copy operations.

Without zero-copy (sysctl option set to 0):
./netstat -s -B
tcpdump: pid 3402 on ed0:
376 packets received
376 packets matched receive filter
0 packets dropped
0 current hold buffer size
1146 current store buffer size
0 packets written
0 packets matched write filter
0 packet writes failed
0 zero copy operations

With zero-copy (sysctl option set to 1):

FreeBSD-32-bit# ./netstat -s -B
tcpdump: pid 3424 on ed0:
745 packets received
745 packets matched receive filter
0 packets dropped
0 current hold buffer size
830 current store buffer size
0 packets written
0 packets matched write filter
0 packet writes failed
1490 zero copy operations
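To make the before/after comparison above checkable from a script rather than by eye, here is an added example (not from the original post and not FreeBSD code) that parses `netstat -s -B` output in the format shown above into per-consumer counters and reports whether zero-copy is actually in use and whether the kernel dropped anything. The two sample texts are constructed copies of the runs above; the prompt line is simply ignored by the parser.

```python
import re
from typing import Dict, List

# Constructed samples: the two `netstat -s -B` runs shown above, one taken
# with net.bpf.zerocopy_enable=0 and one with it set to 1.
SAMPLE_BEFORE = """\
tcpdump: pid 3402 on ed0:
376 packets received
376 packets matched receive filter
0 packets dropped
0 current hold buffer size
1146 current store buffer size
0 packets written
0 packets matched write filter
0 packet writes failed
0 zero copy operations
"""

SAMPLE_AFTER = """\
FreeBSD-32-bit# ./netstat -s -B
tcpdump: pid 3424 on ed0:
745 packets received
745 packets matched receive filter
0 packets dropped
0 current hold buffer size
830 current store buffer size
0 packets written
0 packets matched write filter
0 packet writes failed
1490 zero copy operations
"""

# "<process>: pid <n> on <ifname>:" opens each BPF consumer's block
HEADER_RE = re.compile(r"^(?P<proc>\S+): pid (?P<pid>\d+) on (?P<ifname>\S+):$")
# every following line is "<count> <counter name>"
COUNTER_RE = re.compile(r"^(?P<value>\d+) (?P<name>.+)$")


def parse_netstat_bpf(text: str) -> List[Dict]:
    """Parse `netstat -s -B` output into one dict per BPF consumer."""
    consumers: List[Dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = {
                "process": header["proc"],
                "pid": int(header["pid"]),
                "interface": header["ifname"],
                "counters": {},
            }
            consumers.append(current)
            continue
        counter = COUNTER_RE.match(line)
        if counter and current is not None:
            current["counters"][counter["name"]] = int(counter["value"])
        # anything else (e.g. the shell prompt) is ignored
    return consumers


def zero_copy_active(consumer: Dict) -> bool:
    """True once the consumer has performed at least one zero-copy operation."""
    return consumer["counters"].get("zero copy operations", 0) > 0


def packets_dropped(consumer: Dict) -> int:
    """Packets the kernel dropped for this consumer (buffer overrun)."""
    return consumer["counters"].get("packets dropped", 0)


def report(text: str) -> List[str]:
    """One human-readable line per consumer, handy for a monitoring check."""
    lines = []
    for c in parse_netstat_bpf(text):
        mode = "zero-copy on" if zero_copy_active(c) else "zero-copy off"
        lines.append(
            f"{c['process']}[{c['pid']}] on {c['interface']}: "
            f"{c['counters'].get('packets received', 0)} received, "
            f"{packets_dropped(c)} dropped, {mode}"
        )
    return lines


if __name__ == "__main__":
    for sample in (SAMPLE_BEFORE, SAMPLE_AFTER):
        print("\n".join(report(sample)))
```

On a live box you would feed it `subprocess.run(["netstat", "-s", "-B"], capture_output=True, text=True).stdout`; a sensor whose capture process shows zero-copy off after the sysctl was set, or a rising "packets dropped" counter, is the thing worth alerting on.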

Wednesday, November 11, 2009

clang static-analyzer == awesomeness

If you are looking for a good open source static analyzer for C/C++ you know that it is slim pickings out there. There are great tools for detecting memory issues at runtime, like valgrind and all of its included goodies. Most open source static code analyzers are out of date, are just too darn difficult to get working (cough* cough* splint), or don't scale well to large projects, like flawfinder and its "hey, you have a static buffer at line x, you'd better make sure you do proper bounds checking".

So in my search for a static code analyzer I stumbled across the clang static-analyzer, and I must say that it is pretty darn amazing. While it doesn't detect buffer overflows at the time of writing, it informs the user of a ton of other issues that, when resolved, lead to cleaner, more efficient code. I'm just going to summarize the steps that I went through to get it up and running. Most of these steps are on the clang static-analyzer site or came from this blog post.

1. Checkout llvm using subversion

svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm

2. Checkout clang using subversion
cd llvm/tools
svn co http://llvm.org/svn/llvm-project/cfe/trunk clang

3. Build llvm and clang
cd ..
./configure --prefix=/opt/clang
make
sudo make install

4. The clang static-analyzer isn't installed by make install, so let's move it to the location where we installed everything else.

sudo mv tools/clang/utils /opt/clang/

5. Add the different clang dirs to your $PATH. Usually this can be done by adding a line similar to the following to /etc/profile.

PATH=$PATH:/opt/clang/bin:/opt/clang/libexec:/opt/clang/utils

6. Go into the directory where your source code resides. If your code follows the normal ./configure, make, make install type of build, you will want to do the following.

scan-build ./configure
scan-build -o /var/www/html/testresults make

7. Once it has completed you should see a message like "x diagnostics generated." Fire up your browser and go to the /testresults/ dir on the web server where you dumped your results. The interface is amazing: once you click on a bug it will actually walk you through the code path and do things for you like expanding macros.
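Steps 6 and 7 are the part you end up repeating for every project, so here is an added example (my own, not code from the clang project or the original post) that drives them from Python: it runs the two scan-build invocations as argv lists in the source directory, collects their output, and pulls the count out of the "x diagnostics generated." summary line the post describes. The output directory and `scan-build` invocations are the ones from the steps above; the regex for the summary line is an assumption based on the wording quoted in step 7.

```python
import re
import subprocess
from pathlib import Path
from typing import List, Optional

# Matches the "x diagnostics generated." summary quoted in step 7 (assumed wording).
DIAG_RE = re.compile(r"(\d+) diagnostics? generated")


def scan_build_commands(output_dir: str, make_args: Optional[List[str]] = None) -> List[List[str]]:
    """The two invocations from steps 6 and 7, as argv lists (no shell involved)."""
    configure_cmd = ["scan-build", "./configure"]
    make_cmd = ["scan-build", "-o", output_dir, "make"] + list(make_args or [])
    return [configure_cmd, make_cmd]


def diagnostics_count(scan_output: str) -> Optional[int]:
    """Return the number from the last 'x diagnostics generated.' line, or None."""
    matches = DIAG_RE.findall(scan_output)
    return int(matches[-1]) if matches else None


def run_scan(source_dir: str, output_dir: str, make_args: Optional[List[str]] = None) -> int:
    """Run configure and make under scan-build inside source_dir.

    Returns the diagnostic count (0 if no summary line was seen). A failing
    configure or make raises CalledProcessError rather than silently yielding
    an empty report.
    """
    Path(output_dir).mkdir(parents=True, exist_ok=True)
    combined = ""
    for cmd in scan_build_commands(output_dir, make_args):
        proc = subprocess.run(cmd, cwd=source_dir, capture_output=True, text=True, check=True)
        combined += proc.stdout + proc.stderr
    count = diagnostics_count(combined)
    return count if count is not None else 0


if __name__ == "__main__":
    import sys
    src = sys.argv[1] if len(sys.argv) > 1 else "."
    out = sys.argv[2] if len(sys.argv) > 2 else "/var/www/html/testresults"
    print(f"{run_scan(src, out)} diagnostics generated")
```

scan-build writes each run into its own date-stamped subdirectory under the `-o` directory, so point the browser at that subdirectory. The HTML reports embed excerpts of your source, so a directory under a web root should be reachable only from where you intend to read it.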

Enjoy ;-)

Tuesday, July 7, 2009

.adm template that sets killbits for MS972890

If you want to go the group policy route, here you go.... If this blows up your computer, your domain, server farm, blender, I'm not responsible... You have to enable the setting for each component inside of the GPO to set the kill bit.

CLASS MACHINE

CATEGORY VulnFixes

POLICY "MS 972890 Activex component {011B3619-FE63-4814-8A84-15A194CE9CE3}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {0149EEDF-D08F-4142-8D73-D23903D21E90}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {0369B4E5-45B6-11D3-B650-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {0369B4E6-45B6-11D3-B650-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {055CB2D7-2969-45CD-914B-76890722F112}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {15D6504A-5494-499C-886C-973C9E53B9F1}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {1C15D484-911D-11D2-B632-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {334125C0-77E5-11D3-B653-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {37B0353C-A4C8-11D2-B634-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {37B03543-A4C8-11D2-B634-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {37B03544-A4C8-11D2-B634-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {418008F3-CF67-4668-9628-10DC52BE1D08}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {577FAA18-4518-445E-8F70-1473F8CF4BA4}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {59DC47A8-116C-11D3-9D8E-00C04F72D980}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {823535A0-0318-11D3-9D8E-00C04F72D980}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {8A674B4C-1F63-11D3-B64C-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {8A674B4D-1F63-11D3-B64C-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {9CD64701-BDF3-4D14-8E03-F12983D86664}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {A2E3074E-6C3D-11D3-B653-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {A2E30750-6C3D-11D3-B653-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {AD8E510D-217F-409B-8076-29C5E73B98E8}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {B0EDF163-910A-11D2-B632-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {B64016F3-C9A2-4066-96F0-BD9563314726}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {BB530C63-D9DF-4B49-9439-63453962E598}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C531D9FD-9685-4028-8B68-6E1232079F1E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C5702CCC-9B79-11D3-B654-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C5702CCD-9B79-11D3-B654-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C5702CCE-9B79-11D3-B654-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C5702CCF-9B79-11D3-B654-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C5702CD0-9B79-11D3-B654-00C04F79498E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {D02AAC50-027E-11D3-9D8E-00C04F72D980}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 972890 Activex component {FA7C375B-66A7-4280-879D-FD459C84BB02}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
EXPLAIN Killit
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY

[strings]
VulnFixes="VulnFixes"
Killit="Set kill bit"
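The template above is 45 nearly identical POLICY blocks that differ only in the CLSID, so here is an added example (not part of the original post) that generates the same .adm structure from a list of CLSIDs. It validates each CLSID before it is spliced into a registry path, drops duplicates so the GPO editor does not see two policies with the same name, and can read the CLSIDs back out of an existing template so a list can be audited against an advisory. The category, string names and the value 1024 are copied from the template above; that 1024 is 0x400, the Compatibility Flags kill bit, is a documented fact about the ActiveX Compatibility key and not something the post states.

```python
import re
from typing import Iterable, List

# {8-4-4-4-12} hex groups in braces, upper case, as in the template above
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$")
KILL_BIT = 0x400  # 1024: the kill bit within "Compatibility Flags"
KEY_PREFIX = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEYNAME_RE = re.compile(
    r'^KEYNAME "' + re.escape(KEY_PREFIX) + r'\\(\{[0-9A-F-]{36}\})"$', re.M
)


def normalize_clsid(clsid: str) -> str:
    """Upper-case, brace-wrap and validate a CLSID; reject anything else."""
    c = clsid.strip().upper()
    if not c.startswith("{"):
        c = "{" + c + "}"
    if not CLSID_RE.match(c):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return c


def policy_block(clsid: str, advisory: str) -> str:
    """One POLICY ... END POLICY block in the layout of the template above."""
    c = normalize_clsid(clsid)
    return "\n".join([
        f'POLICY "MS {advisory} Activex component {c}"',
        f'KEYNAME "{KEY_PREFIX}\\{c}"',
        "EXPLAIN Killit",
        'VALUENAME "Compatibility Flags"',
        f"VALUEON NUMERIC {KILL_BIT}",
        "VALUEOFF NUMERIC 0",
        "END POLICY",
    ])


def build_adm(clsids: Iterable[str], advisory: str = "972890") -> str:
    """Whole .adm file: CLASS/CATEGORY header, one block per unique CLSID, [strings]."""
    seen = set()
    blocks = []
    for clsid in clsids:
        c = normalize_clsid(clsid)
        if c in seen:
            continue
        seen.add(c)
        blocks.append(policy_block(c, advisory))
    return (
        "CLASS MACHINE\n\nCATEGORY VulnFixes\n\n"
        + "\n\n".join(blocks)
        + "\n\nEND CATEGORY\n\n[strings]\nVulnFixes=\"VulnFixes\"\nKillit=\"Set kill bit\"\n"
    )


def clsids_in_adm(adm_text: str) -> List[str]:
    """CLSIDs referenced by KEYNAME lines of an existing template, in file order."""
    return KEYNAME_RE.findall(adm_text)


def kill_bit_set(compatibility_flags: int) -> bool:
    """True if a Compatibility Flags DWORD read back from the registry has the kill bit."""
    return compatibility_flags & KILL_BIT == KILL_BIT


if __name__ == "__main__":
    print(build_adm(["{011B3619-FE63-4814-8A84-15A194CE9CE3}"]))
```

Feeding the CLSID list from an advisory through `build_adm` and diffing the result against a hand-written template is a quick way to catch a mistyped GUID, and `kill_bit_set` is the check to run on the DWORD read back from a client to confirm the policy actually applied.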

Wednesday, April 8, 2009

Small Update to PcapParser

I have uploaded a new version of PcapParser for all 3 of you who are probably using it ;-). It has small fixes.

1. The last pcap file in the array wasn't being added to the search list when using argus data and the last connection time was > the pcap file timestamp.

2. I set the default linktype to Ethernet in the bpfcompile PHP extension so that we can match on MAC addresses. If you need it to be something else you will have to modify it.

http://doc.emergingthreats.net/pub/Main/PcapParser/pcapp-0.1.tar.bz2
md5sum:e6d71d9a4dd0c5ee7ed033c17150d785


Additionally, there was recently a question on the snort mailing list about automating the extraction of sessions etc. I have uploaded the script that I use to automate this. Essentially it tails a barnyard-generated CSV file and then runs parsep4 based on matched SIDs.

I have uploaded this to the PcapParser page as well, just in case you are looking for a crappy script to do this for you ;-)....

http://doc.emergingthreats.net/pub/Main/PcapParser/sentinal.tar.bz2
md5sum:0be132cd3ac15b184af3e4b39ece4f1a

Monday, February 16, 2009

New Version of PCAP Parser




I have updated my PcapParser to support more options and have included a web interface. You can download the latest version here. The web interface uses a PHP extension that you must install; it verifies the BPF syntax that is passed in as user input. I'm using PF_RING, so if you are not, look at the README in the bpfcompile subdirectory for instructions. The perl script also now requires Net::Pcap and Mail::Sendmail.
The updated version also has a configuration file that usually lives at /etc/pcapp/pcapp.conf.


All of the options can also be passed as command line options. Anything passed via command line overrides what is in the config file.


The pcap parser will work with or without the web interface. The conf file has to be modified to fit your environment.


If you are using the web interface you must also modify processpcap2_conf.php to supply the directories where your argus and pcap files are stored. These should be the same as pcapdir and argusdir in your pcapp.conf file.


Sample command line usage...


In this example we are going to use all argus files to extract session data about our attacker and then use that to determine which of our pcap files the traffic resides in. The traffic is then merged into a single pcap, and tcpflow, chaosreader, afterglow and honeysnap are run against it. The files are then md5sum'd and the output of these runs is put into a tar.bz file with a web index.


/usr/bin/parsep4.pl -ip="192.168.1.1" -netmask="32" -argusnum=0 -pcapnum=0 -dotcpflow=yes -domd5deep=yes -dochaosreader=yes -doafterglow=yes -dohoneysnap=yes



This is the same as above, although now we are using a BPF to see all TCP traffic that is not on port 80, 443, 20 or 21, and we are only looking through the last argus file, i.e. today's traffic.

/usr/bin/parsep4.pl -bpf="tcp and not port 80 and not port 443 and not port 21 and not port 20" -argusnum=1 -pcapnum=0 -dotcpflow=yes -domd5deep=yes -dochaosreader=yes -doafterglow=yes -dohoneysnap=yes
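As an added example (my own, not PcapParser's code), the following shows the two behaviours the post describes: a config file whose values are overridden by whatever is passed on the command line, and a check on a BPF string before it goes onto a parsep4 command line, which matters most when the string originates from the web interface. The pcapp.conf layout is assumed to be key = value lines (the post does not show the format), the option names and the /usr/bin/parsep4.pl path come from the two invocations above, and the allowlist check is a first gate that stands in for, not replaces, the compile-based validation the bpfcompile extension performs.

```python
import re
from typing import Dict, List

# Constructed sample in an assumed "key = value" layout; the real pcapp.conf
# format is not shown in the post.
SAMPLE_CONF = """\
# where the argus and pcap files live
pcapdir = /data/pcap
argusdir = /data/argus
argusnum = 0
pcapnum = 0
dotcpflow = yes
domd5deep = yes
"""

# Conservative allowlist of characters seen in libpcap filter expressions.
# Quotes, semicolons, backticks, '$' and newlines are deliberately absent so a
# filter string can never carry shell syntax onto a command line.
BPF_ALLOWED = re.compile(r"^[A-Za-z0-9 .:/_()\[\]<>=!&|+*%^-]+$")
MAX_BPF_LEN = 1024


def validate_bpf(expr: str) -> str:
    """Return the stripped filter or raise ValueError; a syntax gate, not a compiler."""
    expr = expr.strip()
    if not expr or len(expr) > MAX_BPF_LEN:
        raise ValueError("empty or oversized filter")
    if not BPF_ALLOWED.match(expr):
        raise ValueError(f"filter contains disallowed characters: {expr!r}")
    depth = 0
    for ch in expr:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth < 0:
            raise ValueError("unbalanced parentheses")
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return expr


def bpf_is_safe(expr: str) -> bool:
    """Boolean wrapper around validate_bpf for callers that just want yes/no."""
    try:
        validate_bpf(expr)
        return True
    except ValueError:
        return False


def load_conf(text: str) -> Dict[str, str]:
    """Parse key = value lines; '#' starts a comment (assumed format)."""
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts[key] = value
    return opts


def merge_options(conf: Dict[str, str], cli: Dict[str, str]) -> Dict[str, str]:
    """Command-line options win over the config file, as the post describes."""
    merged = dict(conf)
    merged.update(cli)
    return merged


def build_argv(options: Dict[str, str], script: str = "/usr/bin/parsep4.pl") -> List[str]:
    """Build an argv list for subprocess (no shell), so the quoting in the shell
    examples above is unnecessary and cannot be abused by a crafted value."""
    opts = dict(options)
    if "bpf" in opts:
        opts["bpf"] = validate_bpf(opts["bpf"])
    argv = [script]
    for key, value in opts.items():
        if not re.fullmatch(r"[a-z0-9]+", key):
            raise ValueError(f"bad option name {key!r}")
        if "\n" in value or "\0" in value:
            raise ValueError(f"bad value for option {key!r}")
        argv.append(f"-{key}={value}")
    return argv


if __name__ == "__main__":
    merged = merge_options(load_conf(SAMPLE_CONF), {"argusnum": "1", "bpf": "tcp and not port 80"})
    print(build_argv(merged))
```

Run the result with `subprocess.run(build_argv(merged), check=True)`; passing a list rather than a single string is what keeps a user-supplied filter from being interpreted by a shell, and the allowlist is the cheap check to run before the more expensive compile check.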

Sunday, February 1, 2009

PF_RING/IPSET rpms for CentOS5

Matt Jonkman over at Emerging Threats was nice enough to host a CentOS5 rpm repo for me. I have created a set of i686 kernel rpms that have been patched to include PF_RING and ipset. I did not backport libpcap to the version included with CentOS5, so you will have to recompile your libpcap-based tools if you decide to use the pf_ring/libpcap-based stuff for the 0.9.7 version in the repo. I have also included rpms for the latest apache etc., so if you use a file in /etc/yum.repos.d/ I suggest you use the include/exclude options so that you only pull the items that you need/want. There are quite a few other useful tools that have been recompiled to use libpfring.

To use ipset you will have to remove your existing iptables version and replace it with the one in the repo.

Link to the repo:

http://www.emergingthreats.net/emergingrepo/

I have also modified the script created by Joshua Gimer for updating the firewall rules using ipset, which you can download here.

http://doc.emergingthreats.net/pub/Main/EmergingFirewallRules/emerging-ipset-update.pl.txt