From frank at snortsam.net Mon Jul 14 10:58:28 2008
From: frank at snortsam.net (Frank Knobbe)
Date: Mon, 14 Jul 2008 09:58:28 -0500
Subject: [Snortsam-discussion] [Snortsam-announce] Help
In-Reply-To: <000001c8e545$db75e560$9261b020$@cristo@eimahlg.cu>
References: <000001c8e545$db75e560$9261b020$@cristo@eimahlg.cu>
Message-ID: <1216047508.50064.12.camel@localhost>

On Sun, 2008-07-13 at 19:09 -0500, José R. Cristo Almaguer wrote:
> Hello need help to solve a problem, when I try to compile the snortsam
> Debian I returned the following error and does not create the configuration
> file /etc/snortsam.conf
>
> This is the error.

What you list is not an error, just a warning. Snortsam should have been built just fine.

Regarding the snortsam.conf, it is not created. You will have to create one yourself. You can use the file snortsam.conf.sample from the snortsam/conf directory and enable the options you like.

Not sure how the email made its way into the announcement list. The discussion list should be used for questions like these.

Regards,
Frank

From frank at snortsam.net Fri Jul 18 01:19:16 2008
From: frank at snortsam.net (Frank Knobbe)
Date: Fri, 18 Jul 2008 00:19:16 -0500
Subject: [Snortsam-discussion] New Snortsam version 2.56 in CVS. Semi-important bug-fix
Message-ID: <1216358356.6864.34.camel@localhost>

Greetings,

just discovered and fixed a couple bugs in Snortsam. Any DONTBLOCK or OVERRIDE or ACCEPT statement that included an IP address with network mask of /19 was recorded wrong. Other netmasks were not affected. This caused IP addresses to be white-listed when they shouldn't. I consider this a semi-important fix. It's not critical, but you really want to have it :)

Other fixes include replacement of some brain-dead code (Did I write this?) regarding the sorting and duplicate removal of the Dontblock, Override, Accept, Limit lists.

The last one is not important, but the netmask fix is recommended to avoid accidental white-listing (or not white-listing) of IP addresses when the /19 netmask is used.

The code has just been committed to CVS.

Matt, if you have some time, please check out the latest version from CVS and precompile binaries.

Thanks!
Frank

From jonkman at jonkmans.com Fri Jul 18 16:23:01 2008
From: jonkman at jonkmans.com (Matt Jonkman)
Date: Fri, 18 Jul 2008 16:23:01 -0400
Subject: [Snortsam-discussion] New Snortsam version 2.56 in CVS. Semi-important bug-fix
In-Reply-To: <1216358356.6864.34.camel@localhost>
References: <1216358356.6864.34.camel@localhost>
Message-ID: <4880FBA5.4010202@jonkmans.com>

A new tarball is available at:

http://www.snortsam.net/files/snortsam/snortsam-src-2.60.tar.gz

Happy snortsamming! Thanks Frank!

Matt

Frank Knobbe wrote:
> Greetings,
>
> just discovered and fixed a couple bugs in Snortsam. Any DONTBLOCK or
> OVERRIDE or ACCEPT statement that included an IP address with network
> mask of /19 was recorded wrong. Other netmasks were not affected. This
> caused IP addresses to be white-listed when they shouldn't. I consider
> this a semi-important fix. It's not critical, but you really want to
> have it :)
>
> Other fixes include replacement of some brain-dead code (Did I write
> this?) regarding the sorting and duplicate removal of the Dontblock,
> Override, Accept, Limit lists.
>
> The last one is not important, but the netmask fix is recommended to
> avoid accidental white-listing (or not white-listing) of IP addresses
> when the /19 netmask is used.
>
> The code has just been committed to CVS.
>
> Matt, if you have some time, please check out the latest version from
> CVS and precompile binaries.
>
> Thanks!
> Frank
>
>
> _______________________________________________
> Snortsam-discussion mailing list
> Snortsam-discussion at snortsam.net
> http://lists.snortsam.net/mailman/listinfo/snortsam-discussion

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
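
The effect of one mis-recorded netmask on a DONTBLOCK match, and a regression check that catches it, as an added example that is not Snortsam code and not part of the original messages. The thread does not say how the /19 value was stored wrong; the faulty table entry, the 10.1.0.0/19 network and all function names below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Netmask for a prefix length, computed arithmetically (host byte order). */
static uint32_t mask_from_prefix(unsigned bits)
{
    if (bits == 0) return 0;              /* a 32-bit shift by 32 is undefined */
    if (bits >= 32) return 0xFFFFFFFFu;
    return (uint32_t)(0xFFFFFFFFu << (32 - bits));
}

/* The whitelist decision: does addr fall inside net/mask? */
static int in_network(uint32_t addr, uint32_t net, uint32_t mask)
{
    return (addr & mask) == (net & mask);
}

/* Regression check: count table entries that differ from the arithmetic mask.
 * *first_bad receives the first wrong prefix length, or -1 if none. */
static int audit_mask_table(const uint32_t table[33], int *first_bad)
{
    int bad = 0;
    *first_bad = -1;
    for (unsigned bits = 0; bits <= 32; bits++) {
        if (table[bits] == mask_from_prefix(bits)) continue;
        if (bad == 0) *first_bad = (int)bits;
        bad++;
    }
    return bad;
}

/* Constructed fault (assumption, not Snortsam's actual bug): every entry is
 * correct except /19, which holds 255.255.128.0 instead of 255.255.224.0. */
static void build_faulty_table(uint32_t table[33])
{
    for (unsigned bits = 0; bits <= 32; bits++)
        table[bits] = mask_from_prefix(bits);
    table[19] = 0xFFFF8000u;
}

int main(void)
{
    uint32_t table[33];
    int first_bad;
    build_faulty_table(table);
    printf("wrong entries: %d\n", audit_mask_table(table, &first_bad));
    printf("first wrong prefix: /%d\n", first_bad);
    /* DONTBLOCK 10.1.0.0/19 should cover 10.1.0.0 through 10.1.31.255 only. */
    uint32_t net = IP(10, 1, 0, 0), probe = IP(10, 1, 64, 1);
    printf("correct mask whitelists probe: %d\n", in_network(probe, net, mask_from_prefix(19)));
    printf("faulty mask whitelists probe:  %d\n", in_network(probe, net, table[19]));
    return 0;
}
```

With the constructed fault, 10.1.64.1 lies outside 10.1.0.0/19 but still matches the DONTBLOCK entry, which is the accidental white-listing the announcement warns about; checking every prefix length from 0 to 32 is what exposes an error confined to a single mask.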