ID | Project | Category | View Status | Date Submitted | Last Update
0008201 | ClearOS | app-intrusion-prevention - Intrusion Prevention | public | 2016-05-01 06:07 | 2016-05-04 15:34
Reporter | dtech
Assigned To | user2
Priority | high | Severity | minor | Reproducibility | have not tried
Status | closed | Resolution | fixed
Platform | | OS | ClearOS Community | OS Version | 6.7.0
Product Version | 6.7.0
Target Version | | Fixed in Version | 7.2.0 Updates
Summary | 0008201: 0426 ClearSDN intrusion protection update broken
Description | I have two ClearOS 6.7 servers at different locations with Intrusion Protection subscriptions, and neither one is showing any IP addresses in the Blocked List. Both servers stopped blocking hosts on April 27 at about 4:00 PM EST. As it happens, this is right about the time that the 0426 ClearSDN intrusion protection update was automatically applied.

From another user:

I confirm. I'm using ClearOS Home Edition and since the last intrusion-prevention update no more IPs are banned; before that I had a lot of banned IPs. A quick look in /etc/snort.d/rules/clearcenter: only one alert activates snortsam.

What I did:

    cat /etc/snort.d/rules/clearcenter/*.rules | grep fwsam:

and this is what I get:

    alert tcp $EXTERNAL_NET any -> $HOME_NET 995 (msg:"ET SCAN Rapid POP3S Connections - Possible Brute Force Attack"; flags: S,12; threshold: type both, track by_src, count 30, seconds 120; reference:url,doc.emergingthreats.net/2002993; classtype:misc-activity; sid:2002993; rev:6; fwsam: src, 1 day

Every rule that normally should activate snortsam is missing this statement "fwsam: src, 1 day" at the end of each alert.
Additional Information | Forum thread: https://www.clearos.com/clearfoundation/social/community/banned-ip-list-empty
Tags | No tags attached.
Attached Files |
Notes
(0003161) user2 2016-05-02 10:20
A new rule set will be released before the end of the day.
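
A post-update check in the spirit of the grep in the description, as an added example (not part of the original report or of ClearOS): it counts the active alert rules that still carry a `fwsam:` option, skipping commented-out rules and text inside quoted strings. The function names, the threshold and the sample rule files are assumptions constructed for illustration, and one rule per line is assumed.

```shell
#!/bin/sh
# Added example: audit fwsam (SnortSam blocking) coverage after a rule update.
# Assumes one rule per line; function names and the threshold are hypothetical.

# Print "<active alert rules> <rules with fwsam> <file>" per *.rules file in $1.
fwsam_report() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        awk -v name="$f" '
            /^[ \t]*alert[ \t]/ {                   # commented-out rules are skipped
                total++
                line = $0
                gsub(/"([^"\\]|\\.)*"/, "", line)   # ignore text inside quoted strings
                if (line ~ /[(;][ \t]*fwsam[ \t]*:/) blocking++
            }
            END { printf "%d %d %s\n", total, blocking, name }
        ' "$f"
    done
}

# Total number of active rules that carry a fwsam option under $1.
fwsam_total() {
    fwsam_report "$1" | awk '{ n += $2 } END { print n + 0 }'
}

# Fail (return 1) when fewer than $2 blocking rules remain under $1.
check_fwsam() {
    have=$(fwsam_total "$1")
    [ "$have" -ge "$2" ] && return 0
    echo "WARNING: $have fwsam rules in $1, expected at least $2" >&2
    return 1
}

# Constructed sample rule files (sids 1000001-1000003 are made up).
make_sample() {
    cat > "$1/good.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 995 (msg:"constructed A"; flags:S,12; sid:1000001; rev:1; fwsam: src, 1 day;)
# alert tcp any any -> any 22 (msg:"disabled"; sid:1000002; rev:1; fwsam: src, 1 day;)
EOF
    cat > "$1/stripped.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 995 (msg:"note\; fwsam: src, 1 day"; sid:1000003; rev:1;)
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
fwsam_report "$dir"
check_fwsam "$dir" 2 || echo "rule set lost its blocking options"
rm -rf "$dir"
```

Run against the real rules directory after each automatic update, with the threshold set to the count seen on a known-good rule set, so a silent loss of blocking rules is flagged the same day.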
Issue History
Date Modified | Username | Field | Change
2016-05-01 06:07 | dtech | New Issue |
2016-05-02 10:20 | user2 | Note Added: 0003161 |
2016-05-02 10:20 | user2 | Status | new => resolved
2016-05-02 10:20 | user2 | Fixed in Version | => 7.2.0
2016-05-02 10:20 | user2 | Resolution | open => fixed
2016-05-02 10:20 | user2 | Assigned To | => user2
2016-05-04 15:34 | user2 | Status | resolved => closed
2016-05-04 15:34 | user2 | Fixed in Version | 7.2.0 => 7.2.0 Updates