List: ipfire-development
Subject: RE: Guardian 2.0
From: Blago Culjak <blago.culjak () hotmail ! com>
Date: 2015-02-20 7:55:50
Message-ID: DUB120-W5D075C0EAB1F796CFEFCD9C2A0 () phx ! gbl
I have also noted that in guardian logs, I do have some IPs that have been blocked,
but I don't see them in iptables Guardian chain. So it's not working properly.
I would also suggest a feature, more about it, you can find here:
http://forum.ipfire.org/viewtopic.php?f=52&t=12639
It would be great if triggered rule would block destination IP (of course, we do not
block RED, Gateway or DNS Servers), to ensure that infected computer is not
communicating with C&C server. Now, I only see that only source IPs that attack our
network are being blocked.
Subject: Re: Guardian 2.0
From: stefan.schantl@ipfire.org
To: development@lists.ipfire.org
Date: Thu, 19 Feb 2015 21:24:05 +0100
Hello Blago Culjak,
thanks for joining the testing team and for sharing your experience with
us.
I guess there is still an instance of the old guardian running on the
system. On my test systems I have not seen this kind of problem.
Please check with "ps aux | grep guardian" for running guardian
processes and kill them by using "kill <PID>". Then please try to launch
guardian again and check the web interface.
Best regards,
-Stefan
> Hello, first of all guys, great job on new features, especially GeoIP
> and new Guardian, these are the features that are of great value.
>
> I will try to contribute on my part by testing, and translating Ipfire
> to Croatian.
>
> I have installed Guardian 2.10, just like in the IpFire planet post. I
> have now in Web interface new Guardian option, and I have setup
> basics. I have enabled the Guardian, but it just won't run. It always
> displays stopped in Web Interface.
>
> Issuing command:
> guardianctrl start
> Starting Guardian...
> Unable to continue: /usr/bin/guardian is running
>
> It displays that it's running. However, trying to stop it, displays
> this error:
> guardianctrl stop
> /etc/rc.d/init.d/guardian: line 33: [: too many arguments
>
> I have set up a log in debug mode, but it doesn't give any more
> information, other than this:
>
> /usr/bin/guardian -d
> My host IP-address is: 5.133.x.x
> My gatewayaddess is: 85.94.x.x
> Loaded 1 entries from /var/ipfire/guardian/guardian.ignore
> Created watcher for /var/log/snort/alert
> Created watcher for /var/log/messages
> Created watcher for /var/log/httpd/error_log
> Running in debug mode...
>
> I can tell that no new firewall entries have been loaded into iptables
> regarding guardian, so it must not be running properly.
>
> Please advise.
>
> regards from mildly warm Croatia
>
> Blago Culjak
>
>
> _______________________________________________
> Development mailing list
> Development@lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
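The "[: too many arguments" message quoted in this thread is what bash's `[` prints when an unquoted variable expands to more than one word, for example a PID list with two entries, which would fit the guess that a second guardian instance is running. The sketch below is an added example, not IPFire's init script (its line 33 is not shown on this page); the function names and PID values are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed PID lists; not the IPFire init script.

# Fragile: $1 is expanded unquoted inside [ ].
#   two PIDs -> [ -n 1234 5678 ] -> error, status 2 ("too many arguments")
#   no PIDs  -> [ -n ]           -> true, although nothing is running
is_running_fragile() {
    [ -n $1 ] 2>/dev/null
}

# Quoted: the whole list is one word, so the test is always well-formed.
is_running_safe() {
    [ -n "$1" ]
}

# Signal each PID separately and skip anything that is not a plain number.
# Prints how many processes were signalled.
stop_all() {
    count=0
    for pid in $1; do                 # word splitting is intended here
        case $pid in
            ''|*[!0-9]*) continue ;;  # ignore non-numeric tokens
        esac
        if kill "$pid" 2>/dev/null; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Compare both tests on constructed lists (no real process is touched).
for list in "" "1234" "1234 5678"; do
    f=0; is_running_fragile "$list" || f=$?
    s=0; is_running_safe "$list" || s=$?
    printf 'pids=[%s] fragile=%s safe=%s\n' "$list" "$f" "$s"
done
```

Status 2 from the fragile test is neither "running" nor "stopped", so a control script built on it can refuse to start and fail to stop at the same time.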