Bug 11542 (IDSIPSBUGS) - bugs in snort and Guardian with security impact
Summary: bugs in snort and Guardian with security impact
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
: Will affect an average number of users Security
Assignee: Assigned to nobody - feel free to grab it and work on it
QA Contact: Peter Müller
Keywords: Security, Umbrella
Depends on: 10273 11169 11263 11310 11532 11572 SURICATA
Reported: 2017-11-08 20:25 UTC by Peter Müller
Modified: 2019-05-20 18:51 UTC
Description Peter Müller 2017-11-08 20:25:46 UTC
This is an umbrella bug for all bugs in snort and Guardian with security impact.

(See also: https://wiki.ipfire.org/devel/telco/2017-11-06)
Comment 1 Michael Tremer 2018-01-08 20:41:20 UTC
Raise again https://wiki.ipfire.org/devel/telco/2018-01-08
Comment 2 Peter Müller 2018-07-11 18:23:07 UTC
It turned out that most of these have their source in the Snort configuration and/or IPFire's network architecture (especially #10273).
Comment 3 Michael Tremer 2018-07-11 18:24:32 UTC
Most of them have their origin in snort being absolute shite :)

Remember that originally, snort in IPFire was only a host IDS. This has been
(half?) repurposed as network IDS. Hence all these problems. Not supposed to
justify anything, just to explain.
Comment 4 Peter Müller 2018-07-17 20:34:19 UTC
Yesterday, we settled on migrating to Suricata in IPFire 2.x for several reasons:
- Suricata is already settled for 3.x, too
- Snort lacks some important features (multithreading, multiple nfqueues)
- Suricata is under active development (at least more active than Snort)
- Suricata lacks built-in portscan detection, but that is not too bad
- Suricata has built-in IPS mode so we have an alternative to Guardian here

Umbrella bug #11801 contains all steps we need to do for finishing this task.

See also: https://lists.ipfire.org/pipermail/development/2018-July/004612.html

All of the bugs currently filed here are expected to be solved afterwards.
Comment 5 Stefan Schantl 2019-05-20 18:51:05 UTC
All targeted bugs are fixed, so I ensure that this bug can be closed.

Feel free to re-open if any new one appears and this umbrella bug is required again to structure the development process.