Quantcast
Channel: NethServer Community - Latest posts
Viewing all articles
Browse latest Browse all 110664

IPS really working?

February 19, 2016, 1:24 pm
$
0
0

Hi @all,
I did some penetration tests with kali on my nethserver.
But all attacks I tested were not blocked by the IPS.

I have set it to balanced.
Is the IPS working at the green zone?
Is it correct that are only 24 rules are active?

Here my messages logfile:
Feb 19 22:20:57 mynethserver /sbin/e-smith/db OLD pulledpork=configuration|Policy|security
Feb 19 22:20:57 mynethserver /sbin/e-smith/db NEW pulledpork=configuration|Policy|balanced
Feb 19 22:20:57 mynethserver esmith::event26484: Event: nethserver-pulledpork-save
Feb 19 22:20:57 mynethserver esmith::event26484: expanding /etc/snort/pulledpork.conf
Feb 19 22:20:57 mynethserver esmith::event26484: expanding /etc/snort/dropsid.conf
Feb 19 22:20:57 mynethserver esmith::event26484: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.179774]
Feb 19 22:20:57 mynethserver esmith::event26484:
Feb 19 22:20:57 mynethserver esmith::eventFeb 19 22:20:57 mynethserver esmith::event26484: _____ ____
Feb 19 22:20:57 mynethserver esmith::event26484: ----,\ )
Feb 19 22:20:57 mynethserver esmith::event[26484]:--==\ / PulledPork v0.7.0 - Swine Flu!
Feb 19 22:20:57 mynethserver esmith::eventFeb 19 22:20:57 mynethserver esmith::event26484: .-~~~~-.Y|\_ Copyright (C) 2009-2013 JJ Cummings
Feb 19 22:20:57 mynethserver esmith::event / 66_ cummingsj@gmail.com
Feb 19 22:20:57 mynethserver esmith::event26484: | \ \ _(")
Feb 19 22:20:57 mynethserver esmith::event26484: \ /-| ||'--' Rules give me wings!
Feb 19 22:20:57 mynethserver esmith::event26484: _\ _\
Feb 19 22:20:57 mynethserver esmith::event26484: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Feb 19 22:20:57 mynethserver esmith::event26484:
Feb 19 22:21:01 mynethserver esmith::event26484: Rules tarball download of community-rules.tar.gz....
Feb 19 22:21:01 mynethserver esmith::event26484: Checking latest MD5 for emerging.rules.tar.gz....
Feb 19 22:21:01 mynethserver esmith::event26484: #011They Match
Feb 19 22:21:01 mynethserver esmith::event26484: #011Done!
Feb 19 22:21:01 mynethserver esmith::event26484: Prepping rules from emerging.rules.tar.gz for work....
Feb 19 22:21:01 mynethserver esmith::event26484: #011Done!
Feb 19 22:21:01 mynethserver esmith::event26484: Prepping rules from community-rules.tar.gz for work....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done!
Feb 19 22:21:07 mynethserver esmith::event26484: Reading rules...
Feb 19 22:21:07 mynethserver esmith::event26484: Reading rules...
Feb 19 22:21:07 mynethserver esmith::event26484: Activating balanced rulesets....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Processing /etc/snort/enablesid.conf....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Modified 0 rules
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Processing /etc/snort/dropsid.conf....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Modified 716 rules
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Processing /etc/snort/disablesid.conf....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Modified 0 rules
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Setting Flowbit State....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Enabled 3 flowbits
Feb 19 22:21:07 mynethserver esmith::event26484: #011Enabled 1 flowbits
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Writing /etc/snort/rules/snort.rules....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Generating sid-msg.map....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Writing v1 /etc/snort/sid-msg.map....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Writing /var/log/sid_changes.log....
Feb 19 22:21:07 mynethserver esmith::event26484: #011Done
Feb 19 22:21:07 mynethserver esmith::event26484: Rule Stats...
Feb 19 22:21:07 mynethserver esmith::event26484: #011New:-------0
Feb 19 22:21:07 mynethserver esmith::event26484: #011Deleted:---0
Feb 19 22:21:07 mynethserver esmith::event26484: #011Enabled Rules:----24
Feb 19 22:21:07 mynethserver esmith::event26484: #011Dropped Rules:----716
Feb 19 22:21:07 mynethserver esmith::event26484: #011Disabled Rules:---25890
Feb 19 22:21:07 mynethserver esmith::event26484: #011Total Rules:------26630
Feb 19 22:21:07 mynethserver esmith::event26484: No IP Blacklist Changes
Feb 19 22:21:07 mynethserver esmith::event26484:
Feb 19 22:21:07 mynethserver esmith::event26484: Done
Feb 19 22:21:07 mynethserver esmith::event26484: Please review /var/log/sid_changes.log for additional details
Feb 19 22:21:07 mynethserver esmith::event26484: Fly Piggy Fly!
Feb 19 22:21:07 mynethserver esmith::event26484: Action: /etc/e-smith/events/nethserver-pulledpork-save/S30nethserver-pulledpork-apply SUCCESS [9.753767]
Feb 19 22:21:07 mynethserver esmith::event26484: Event: nethserver-pulledpork-save SUCCESS
Feb 19 22:21:07 mynethserver esmith::event[26497]: Event: nethserver-snort-save
Feb 19 22:21:07 mynethserver esmith::event[26497]: expanding /etc/snort/snort.conf
Feb 19 22:21:07 mynethserver esmith::event[26497]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.147899]
Feb 19 22:21:07 mynethserver esmith::event[26497]: [INFO] service snortd restart
Feb 19 22:21:07 mynethserver snort[25938]: *** Caught Term-Signal
Feb 19 22:21:08 mynethserver esmith::event[26497]: Stopping snort: [ OK ]#015
Feb 19 22:21:09 mynethserver esmith::event[26497]: Starting snort: Spawning daemon child...
Feb 19 22:21:09 mynethserver esmith::event[26497]: My daemon child 26558 lives...
Feb 19 22:21:09 mynethserver esmith::event[26497]: Daemon parent exiting (0)
Feb 19 22:21:09 mynethserver esmith::event[26497]: [ OK ]#015
Feb 19 22:21:09 mynethserver esmith::event[26497]: [INFO] snortd restart
Feb 19 22:21:09 mynethserver esmith::event[26497]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [1.648817]
Feb 19 22:21:09 mynethserver esmith::event[26497]: Event: nethserver-snort-save SUCCESS
Feb 19 22:21:09 mynethserver esmith::event[26563]: Event: firewall-adjust
Feb 19 22:21:09 mynethserver esmith::event[26564]: Event: nethserver-firewall-base-save firewall-adjust
Feb 19 22:21:09 mynethserver esmith::event[26564]: Action: /etc/e-smith/events/nethserver-firewall-base-save/S02providers-cleanup SUCCESS [0.06087]
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/collectd.conf
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/hosts
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/collectd.d/ping.conf
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/lsm/lsm.conf
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/rules
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/zones
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/providers
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/tcrules
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/tcpri
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/rtrules
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/nat
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/stoppedrules
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/policy
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/actions
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/masq
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/tcinterfaces
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/shorewall.conf
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/interfaces
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/maclist
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/tunnels
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /etc/shorewall/hosts
Feb 19 22:21:09 mynethserver esmith::event[26564]: expanding /var/www/html/wpad.dat
Feb 19 22:21:09 mynethserver esmith::event[26564]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.39188]
Feb 19 22:21:10 mynethserver logger: Shorewall restarted
Feb 19 22:21:10 mynethserver esmith::event[26564]: [NOTICE] Shorewall restart
Feb 19 22:21:10 mynethserver esmith::event[26564]: Action: /etc/e-smith/events/nethserver-firewall-base-save/S89nethserver-shorewall-restart SUCCESS [1.125118]
Feb 19 22:21:11 mynethserver esmith::event[26564]: lsm stop/pre-start, process 27042
Feb 19 22:21:11 mynethserver esmith::event[26564]: [INFO] lsm has been started
Feb 19 22:21:11 mynethserver esmith::event[26564]:
Feb 19 22:21:11 mynethserver esmith::event[26564]: [INFO] service collectd restart
Feb 19 22:21:11 mynethserver collectd[26462]: Exiting normally.
Feb 19 22:21:11 mynethserver collectd[26462]: collectd: Stopping 5 read threads.
Feb 19 22:21:11 mynethserver collectd[26462]: ping plugin: Shutting down thread.
Feb 19 22:21:11 mynethserver collectd[26462]: rrdtool plugin: Shutting down the queue thread. This may take a while.
Feb 19 22:21:11 mynethserver esmith::event[26564]: collectd beenden: [ OK ]#015
Feb 19 22:21:11 mynethserver collectd[27079]: Initialization complete, entering read-loop.
Feb 19 22:21:11 mynethserver esmith::event[26564]: collectd starten: [ OK ]#015
Feb 19 22:21:11 mynethserver esmith::event[26564]: [INFO] collectd restart
Feb 19 22:21:11 mynethserver esmith::event[26564]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.374201]
Feb 19 22:21:11 mynethserver esmith::event[26564]: Event: nethserver-firewall-base-save SUCCESS
Feb 19 22:21:11 mynethserver esmith::event[26563]: Action: /etc/e-smith/events/firewall-adjust/S20firewall-adjust SUCCESS [2.078208]
Feb 19 22:21:11 mynethserver esmith::event[26563]: Event: firewall-adjust SUCCESS

Thank you for your help.

Search
Viewing all articles
Browse latest Browse all 110664

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>