Archive for February, 2009

Securix-NSM 1.3 … Finally!

Thursday, February 26th, 2009

This is a milestone release that not only pulls in all the recent updates to the NSM administration scripts as well as barnyard2 but also comes with its very own installer (based on debian-installer).

One of the most requested features was to be able to install to the HDD and finally we have achieved it. I can’t say enough good things about the Debian backbone, suffice to say that is why we chose to use it for our foundation.

It comes in the CD/DVD ISO flavour as well as the USB-HDD flavour for all you live USB fans out there. We welcome any and all feedback, after all we are here to help you improve your network security practices and setups so let us know what you want.

Barnyard2 … Calling for IPv6 logs … Unified2 of course!

Wednesday, February 18th, 2009

Like Snort, barnyard2 is capable of interpreting IPv6 traffic. However, none of the current output plugins emits IPv6-formatted event messages.

We would like to start integrating IPv6 support into the spo_alert_syslog and spo_alert_fast plugins to ensure some plugins are compliant as IPv6 begins its slow transition into service.

To assist us with the development and debugging of these features we would like to request any unified2 logs of IPv6 traffic, also containing alert information, that you may have. At this stage we only require small log files containing anywhere from 10 – 1000 events. If you are able to help then send an email to our dev team.
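Before sending a unified2 spool file it is worth checking that it actually contains IPv6 event records rather than only IPv4 ones. The script below is an added example written for this page, not barnyard2 or Snort code: it walks a unified2 file record by record, decodes the legacy IDS event layouts, and reports how many IPv4 versus IPv6 events are present. The record type numbers (7 for an IPv4 event, 72 for an IPv6 event, 2 for a packet) and the field order are taken from the unified2 definitions as the author understands them and should be treated as assumptions to verify against your Snort headers; the sample spool at the bottom is constructed inline so the script runs offline.

```python
"""Scan a unified2 spool and report whether it holds IPv6 alert records.

Added example, not barnyard2 or Snort code.  Record type numbers and field
layouts are assumptions taken from the unified2 format as understood by the
author; all fields are big-endian (network byte order).
"""
import ipaddress
import struct
import sys

# Assumed unified2 record type numbers.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7        # IPv4 event, legacy layout (52-byte body)
UNIFIED2_IDS_EVENT_IPV6 = 72  # IPv6 event, legacy layout (76-byte body)

RECORD_HDR = struct.Struct("!II")  # type, length (length excludes this header)

# Nine u32 fields shared by both event layouts, then the addresses, then the tail.
_EVENT_HEAD = "!9I"
_EVENT_TAIL = "!HHBBBB"
HEAD_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
               "signature_id", "generator_id", "signature_revision",
               "classification_id", "priority_id")
TAIL_FIELDS = ("sport_itype", "dport_icode", "protocol",
               "impact_flag", "impact", "blocked")


def parse_event(rtype, body):
    """Decode an IDS event body into a dict; return None for non-event records."""
    if rtype == UNIFIED2_IDS_EVENT:
        addr_len, version = 4, 4
    elif rtype == UNIFIED2_IDS_EVENT_IPV6:
        addr_len, version = 16, 6
    else:
        return None
    head_size = struct.calcsize(_EVENT_HEAD)
    tail_size = struct.calcsize(_EVENT_TAIL)
    expected = head_size + 2 * addr_len + tail_size
    if len(body) != expected:
        raise ValueError("event body is %d bytes, expected %d" % (len(body), expected))
    event = dict(zip(HEAD_FIELDS, struct.unpack(_EVENT_HEAD, body[:head_size])))
    src = body[head_size:head_size + addr_len]
    dst = body[head_size + addr_len:head_size + 2 * addr_len]
    event.update(zip(TAIL_FIELDS, struct.unpack(_EVENT_TAIL, body[head_size + 2 * addr_len:])))
    event["ip_version"] = version
    event["src"] = str(ipaddress.ip_address(src))  # accepts packed bytes
    event["dst"] = str(ipaddress.ip_address(dst))
    return event


def iter_records(data):
    """Yield (type, body) per record; stop cleanly at a truncated tail."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, length = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + length > len(data):
            break  # partial record: the writer has not finished it yet
        yield rtype, data[off:off + length]
        off += length


def summarize(data):
    """Return (counts per record type, list of decoded IDS events)."""
    counts, events = {}, []
    for rtype, body in iter_records(data):
        counts[rtype] = counts.get(rtype, 0) + 1
        event = parse_event(rtype, body)
        if event is not None:
            events.append(event)
    return counts, events


def has_ipv6_events(data):
    """True when the spool holds at least one IPv6 event record."""
    return summarize(data)[0].get(UNIFIED2_IDS_EVENT_IPV6, 0) > 0


def build_event(sensor_id, event_id, sid, src, dst, sport, dport, proto):
    """Pack one IDS event record; the address family picks the record type."""
    a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rtype = UNIFIED2_IDS_EVENT if a.version == 4 else UNIFIED2_IDS_EVENT_IPV6
    body = struct.pack(_EVENT_HEAD, sensor_id, event_id, 1234567890, 0, sid, 1, 1, 3, 2)
    body += a.packed + b.packed
    body += struct.pack(_EVENT_TAIL, sport, dport, proto, 0, 0, 0)
    return RECORD_HDR.pack(rtype, len(body)) + body


# Constructed sample spool: one IPv4 event, one IPv6 event, one (dummy) packet record.
SAMPLE = (
    build_event(1, 1, 2000001, "192.0.2.10", "198.51.100.20", 40000, 80, 6)
    + build_event(1, 2, 2000002, "2001:db8::10", "2001:db8::20", 40001, 443, 6)
    + RECORD_HDR.pack(UNIFIED2_PACKET, 4) + b"\x00\x00\x00\x00"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    counts, events = summarize(data)
    print("record types:", counts, "ipv6 events present:", has_ipv6_events(data))
    for ev in events:
        print("v%d %s:%d -> %s:%d sid %d" % (ev["ip_version"], ev["src"], ev["sport_itype"],
                                            ev["dst"], ev["dport_icode"], ev["signature_id"]))
```

Run it with the path of a spool file (for example `snort.u2.1234567890`) as its only argument; with no argument it scans the constructed sample. Only the legacy IPv4 and IPv6 event layouts are decoded here; packet and extra-data records are counted but not parsed, and a trailing partial record is ignored rather than treated as corruption, since Snort may still be writing it.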

Barnyard2-1.2 … Moving on UP!

Wednesday, February 18th, 2009

This update to barnyard2 provides a significant reworking of the database plugin and its event spooler/parser. The “alert” and “log” databases should now work as advertised. The relevant fixes from the Snort 2.8.3.2 core have been migrated across.

Some minor updates have been rolled into the spooler to quieten its warnings, and some extraneous whitespace in the alert_syslog plugin has been cleaned up.

We’ve been informed that a CentOS 5 RPM is being worked up for this release, so we look forward to getting some feedback from the CentOS community.

Securix-NSM 1.3 (beta) … Hanging out for Lenny!

Monday, February 9th, 2009

Given that NSMnow and the associated NSM administration scripts have come a fair way in the last few months, it was about time we pushed a new release of Securix-NSM out there. This release obviously includes the latest releases of the NSM administration scripts but also the latest addition to barnyard2. It is built on the latest Lenny repository (as of 08 Feb 08) and thus benefits from all its updates over the last few months.

The most notable inclusion is that of the installer. You now have the ability to install Securix-NSM to your HDD for a permanent installation. Another noteworthy inclusion is that we are now shipping it in two formats: a CD/DVD ISO as well as a USB-HDD friendly IMG. For installing to a USB-HDD, check out the FAQ.

Although this is a beta release, it should perform just fine. We will however release a final version some time after Debian Lenny goes stable. In the meantime you have a window to influence what you would like to see in the 1.3 Final release.

NSMnow 1.3.4 … Link updates and some tighter control.

Wednesday, February 4th, 2009

This update contains updated link information for the new version of barnyard2 as well as tighter control over process management on the sensor.

Currently the “–skip-*” directives allow you to skip one of the sub-processes of a sensor. Sometimes the converse is also handy, where you only want to action one or two of the sub-processes. The “–only-*” directives have been included to do just that. Now if you only want to restart the snort alerting process on sensor “thor” you can use the following:

$ sudo nsm --sensor --restart --only-snort-alert

Lastly, this option has also been integrated into the daily restart script in /etc/cron.d, which should prove more stable.

Enjoy!

Barnyard2-1.1 … Nothing major here!

Wednesday, February 4th, 2009

We’ve had a few small patches, mostly typos in documentation, that have been lying around for a couple of weeks and thought it best just to push out a small update.

Two patches of note are:

  1. a new configure option has been included to allow custom paths to the libpcap header files (for those using custom libpcap libraries), and
  2. the parameters for the sguil plugin can be either comma (,) or space ( ) separated. The documentation currently mentions only space separation.

Enjoy!

Hooray! … We’re up and running!

Wednesday, February 4th, 2009

Well I’ve brushed up on a lot of my skills with DNS, apache, SMTP/POP mailboxes, authentication, MySQL and all relevant tuning thereof. I’m happy to say that I’m 99.9% sure that everything is running as it should be.

You may well have had some problems with NSMnow over the last few days with some of our active links (namely barnyard2) being down. They should all be up and running again and if not I’m sure you’ll let us know in due course.

Now it’s time to get on with some more coding.

We’re getting there … Mail left to go!

Sunday, February 1st, 2009

Well it’s been a little up and down with the transition. The website was there, then it wasn’t, then it was there again; suffice it to say I have brushed up on my DNS dos and don’ts.

If you’ve been sending to the mailing lists then chances are you will be receiving some bounces in the near future, if you haven’t already. This is due to the mailing setups not being quite ready yet. This may take a little longer than anticipated, but we encourage you to use the comments here and we’ll work from there.

Once all is up and rocking again, we’ll let you know.

Fingers crossed!