List:       ipfire-development
Subject:    RE: Guardian 2.0
From:       Blago Culjak <blago.culjak () hotmail ! com>
Date:       2015-02-20 7:55:50
Message-ID: DUB120-W5D075C0EAB1F796CFEFCD9C2A0 () phx ! gbl

I have also noted that in the Guardian logs I do have some IPs that have been blocked,
but I don't see them in the iptables Guardian chain. So it's not working properly.

I would also suggest a feature, more about it, you can find here:
http://forum.ipfire.org/viewtopic.php?f=52&t=12639

It would be great if a triggered rule would block the destination IP (of course, we do not
block RED, Gateway or DNS servers), to ensure that an infected computer is not
communicating with a C&C server. Now, I see that only the source IPs that attack our
network are being blocked.

Subject: Re: Guardian 2.0
From: stefan.schantl@ipfire.org
To: development@lists.ipfire.org
Date: Thu, 19 Feb 2015 21:24:05 +0100

Hello Blago Culjak,
 
thanks for joining the testing team and for sharing your experience with
us.
 
I guess there is still an instance of the old guardian running on the
system. On my test systems I have not seen this kind of problem.
 
Please check with "ps aux | grep guardian" for running guardian
processes and kill them by using "kill <PID>". Then please try to launch
guardian again and check the web interface.
 
Best regards,
 
-Stefan
> Hello, first of all guys, great job on the new features, especially GeoIP
> and the new Guardian, these are the features that are of great value.
> 
> I will try to contribute on my part by testing, and translating Ipfire
> to Croatian.
> 
> I have installed Guardian 2.10, just like in the IPFire planet post. I
> now have a new Guardian option in the web interface, and I have set up
> the basics. I have enabled Guardian, but it just won't run. It always
> displays stopped in the web interface.
> 
> Issuing command:
> guardianctrl start
> Starting Guardian...
> Unable to continue: /usr/bin/guardian is running 
> 
> It displays that it's running. However, trying to stop it, displays
> this error:
> guardianctrl stop
> /etc/rc.d/init.d/guardian: line 33: [: too many arguments
> 
> I have set up a log in debug mode, but it doesn't give any more
> information, other than this:
> 
> /usr/bin/guardian -d
> My host IP-address is: 5.133.x.x
> My gatewayaddess is: 85.94.x.x
> Loaded 1 entries from /var/ipfire/guardian/guardian.ignore
> Created watcher for /var/log/snort/alert
> Created watcher for /var/log/messages
> Created watcher for /var/log/httpd/error_log
> Running in debug mode...
> 
> I can tell that no new firewall entries have been loaded into iptables
> regarding guardian, so it must not be running properly.
> 
> Please advise.
> 
> regards from mildly warm Croatia
> 
> Blago Culjak
> 
> 
> _______________________________________________
> Development mailing list
> Development@lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
 

_______________________________________________
Development mailing list
Development@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/development 		 	   		  
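
Added example, not part of the original messages and not IPFire's own code: the stale-instance check suggested in the thread, run over constructed `ps` output, showing how a second guardian process turns an unquoted PID test into a `[` syntax error. The init script is not shown in the thread, so the fragile test, the sample process list and all function names are assumptions.

```shell
#!/bin/sh
# Constructed `ps -eo pid,args` output (not taken from the thread): two
# guardian instances, plus the grep that "ps aux | grep guardian" also lists.
SAMPLE_PS='  PID COMMAND
 2101 /usr/bin/guardian
 2877 /usr/bin/guardian -d
 3012 grep guardian
 3020 /usr/sbin/sshd -D'

# Read ps output on stdin; print PIDs whose command is /usr/bin/guardian.
# Matching the command field exactly keeps the grep process out of the list.
guardian_pids() {
    awk 'NR > 1 && $2 == "/usr/bin/guardian" { print $1 }'
}

# Fragile check (assumed pattern; the init script is not shown in the thread):
# unquoted, a two-PID list splits into two words and "[" fails with status 2.
# bash reports that as "[: too many arguments".
fragile_is_running() {
    [ $1 != "" ] 2>/dev/null
}

# Robust check: quoted, the whole PID list stays a single argument.
robust_is_running() {
    [ -n "$1" ]
}

# Number of PIDs in a newline-separated list (0 for an empty list).
instance_count() {
    printf '%s\n' "$1" | grep -c '^[0-9][0-9]*$' || :
}

pids=$(printf '%s\n' "$SAMPLE_PS" | guardian_pids)
status=0
fragile_is_running "$pids" || status=$?
echo "guardian instances found: $(instance_count "$pids")"
echo "fragile check exit status: $status"
if robust_is_running "$pids"; then
    for pid in $pids; do
        echo "stale candidate, stop before restarting: kill $pid"
    done
fi
```

On a live system the function would read `ps -eo pid,args` instead of the sample; the script only prints the `kill` commands and does not run them.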