Anonymous | Login | 2024-12-03 10:33 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0006721 | ClearOS | syswatch | public | 2015-12-10 08:09 | 2016-01-28 12:23 | ||||
Reporter | bchambers | ||||||||
Assigned To | user2 | ||||||||
Priority | normal | Severity | major | Reproducibility | sometimes | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 7.1.0 | ||||||||
Target Version | 7.2.0 | Fixed in Version | 7.2.0 | ||||||
Summary | 0006721: IPS can block ClearOS's WAN IP | ||||||||
Description | Logged into a box yesterday where snortsam had created a rule that blocked all traffic from ClearOS's WAN IP. SID was 3000001. Darryl thought that in past versions, it was impossible for snortsam to block an IP associated with the server. Something changed? | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0002401) user2 2015-12-10 08:36 |
WAN IPs, DNS servers, and gateways should be getting added to the Snortsam whitelist. A missed network event? Do you still have access to the system? What's the system name? |
(0002411) user2 2015-12-10 19:59 |
Confirmed. The /etc/snortsam.d/system-autowhitelist.conf was populated, but the system IP list was empty: # This file is auto-generated by syswatch # Ping servers dontblock 54.152.208.245 dontblock 8.8.8.8 # DNS servers dontblock 192.168.11.4 # System IP addresses <--- nada Syswatch handles the auto-whitelist, though this should really be moved to the clearsync/event system. |
(0002421) user2 2015-12-10 20:08 |
The ifconfig output changed a bit in ClearOS 7 - parser needed an update. |
Issue History | |||
Date Modified | Username | Field | Change |
2015-12-10 08:09 | bchambers | New Issue | |
2015-12-10 08:36 | user2 | Note Added: 0002401 | |
2015-12-10 19:59 | user2 | Note Added: 0002411 | |
2015-12-10 20:00 | user2 | Status | new => confirmed |
2015-12-10 20:00 | user2 | Category | app-intrusion-prevention - Intrusion Prevention => syswatch |
2015-12-10 20:06 | user2 | Status | confirmed => resolved |
2015-12-10 20:06 | user2 | Fixed in Version | => 7.1.0 Updates |
2015-12-10 20:06 | user2 | Resolution | open => fixed |
2015-12-10 20:06 | user2 | Assigned To | => user2 |
2015-12-10 20:07 | user2 | Fixed in Version | 7.1.0 Updates => 7.2.0 Beta 1 |
2015-12-10 20:07 | user2 | Target Version | => 7.2.0 Beta 1 |
2015-12-10 20:08 | user2 | Note Added: 0002421 | |
2016-01-01 12:56 | user2 | Fixed in Version | 7.2.0 Beta 1 => 7.2.0 |
2016-01-01 12:59 | user2 | Target Version | 7.2.0 Beta 1 => 7.2.0 |
2016-01-28 12:23 | user2 | Status | resolved => closed |