Bug 11542 (IDSIPSBUGS)

Summary: bugs in snort and Guardian with security impact
Product: IPFire
Reporter: Peter Müller <peter.mueller>
Component: ---
Assignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: CLOSED FIXED
QA Contact: Peter Müller <peter.mueller>
Severity: Security
Priority: Will affect an average number of users
CC: daniel.weismueller, horace.michael, matthias.fischer, michael.tremer, stefan.schantl
Version: 2
Keywords: Security, Umbrella
Hardware: all
OS: All
Bug Depends on: 10273, 11169, 11263, 11310, 11532, 11572, 11801
Bug Blocks:

Description Peter Müller 2017-11-08 20:25:46 UTC
This is an umbrella bug for all bugs in snort and Guardian with security impact.

(See also: https://wiki.ipfire.org/devel/telco/2017-11-06)

Comment 1 Michael Tremer 2018-01-08 20:41:20 UTC
Raise again https://wiki.ipfire.org/devel/telco/2018-01-08

Comment 2 Peter Müller 2018-07-11 18:23:07 UTC
It turned out that most of these have their source in the Snort configuration and/or IPFire's network architecture (especially #10273).

Comment 3 Michael Tremer 2018-07-11 18:24:32 UTC
Most of them have their origin in snort being absolute shite :)

Remember that originally, snort in IPFire was only a host IDS. This has been
(half?) repurposed as network IDS. Hence all these problems. Not supposed to
justify anything, just to explain.

Comment 4 Peter Müller 2018-07-17 20:34:19 UTC
Yesterday, we settled on migrating to Suricata in IPFire 2.x for several reasons:
- Suricata is already settled for 3.x, too
- Snort lacks some important features (multithreading, multiple nfqueues)
- Suricata is under active development (at least more active than Snort)
- Suricata lacks built-in portscan detection, but that is not too bad
- Suricata has built-in IPS mode so we have an alternative to Guardian here

Umbrella bug #11801 contains all steps we need to do for finishing this task.

See also: https://lists.ipfire.org/pipermail/development/2018-July/004612.html

All of the bugs currently filed here are expected to be solved afterwards.

Comment 5 Stefan Schantl 2019-05-20 18:51:05 UTC
All targeted bugs are fixed, so I ensure that this bug can be closed.

Feel free to re-open if any new one appears and this umbrella bug is required again to structure the development process.