Summary: | bugs in snort and Guardian with security impact | ||
---|---|---|---|
Product: | IPFire | Reporter: | Peter Müller <peter.mueller> |
Component: | --- | Assignee: | Assigned to nobody - feel free to grab it and work on it <nobody> |
Status: | CLOSED FIXED | QA Contact: | Peter Müller <peter.mueller> |
Severity: | Security | ||
Priority: | Will affect an average number of users | CC: | daniel.weismueller, horace.michael, matthias.fischer, michael.tremer, stefan.schantl |
Version: | 2 | Keywords: | Security, Umbrella |
Hardware: | all | ||
OS: | All | ||
Bug Depends on: | 10273, 11169, 11263, 11310, 11532, 11572, 11801 | ||
Bug Blocks: |
Description
Peter Müller
2017-11-08 20:25:46 UTC
Raise again https://wiki.ipfire.org/devel/telco/2018-01-08

It turned out that most of these have their source in the Snort configuration and/or IPFire's network architecture (especially #10273).

Most of them have their origin in snort being absolute shite :) Remember that originally, snort in IPFire was only a host IDS. This has been (half?) repurposed as network IDS. Hence all these problems. Not supposed to justify anything, just to explain.

Yesterday, we settled on migrating to Suricata in IPFire 2.x for several reasons:

- Suricata is already settled for 3.x, too
- Snort lacks some important features (multithreading, multiple nfqueues)
- Suricata is under active development (at least more active than Snort)
- Suricata lacks built-in portscan detection, but that is not too bad
- Suricata has built-in IPS mode so we have an alternative to Guardian here

Umbrella bug #11801 contains all steps we need to do for finishing this task. See also: https://lists.ipfire.org/pipermail/development/2018-July/004612.html

All of the bugs currently filed here are expected to be solved afterwards.

All targeted bugs are fixed, so I ensure that this bug can be closed. Feel free to re-open if any new one appears and this umbrella bug is required again to structure the development process.