[Dshield] DShield.py 3.0rc2 released!

Eelco Lempsink eelco at wideview.33lc0.net
Tue Jul 2 22:39:05 GMT 2002


Ladies and gentlemen... I'm very proud to announce... 
DShield.py 3.0rc2!

Yep, that's right, DShield's best ipchains/iptables client just got
better ;) (For the impatient: URLs are at the bottom)

About two months ago, Andrew R. Jones joined the DShield.py
development 'team'. In the past he made some great suggestions, and
now he has written a lot of code for DShield.py. 
He extended the SMTP part of the script, added support for PGP
(GPG), optimized the parsing (big time), and added support for the
Snort log format.  (And he didn't even know anything about Python
two months ago ;)

On large files, DShield.py is _way_ faster than the framework client
(Although I didn't really test another log format than iptables, I
think I can make a fairly educated guess about the overall speed of
DShield.py ;). On a file with about 20000 entries it was three times
faster.
Due to the overhead of Python having to load a big script (chockfull
o' functionality :) it's a tad slower on small logfiles, but since
the logfile is small, the real difference isn't big anyway (I'm
talking about 0.1 seconds)

Anyway, since I didn't announce 3.0rc1, here are the most important entries
from the changelog since 2.2 (in somewhat chronological order):

 - Added support for signing and encrypting submissions with GPG
 - Added support for SSL/TLS to mail server
 - Added support for authenticating to mail server
 - Added use of SIZE SMTP verb
 - Added a "User-Agent: DShield.py <version>" header to submissions
 - Fixed TCP flags parsing for iptables entries
 - Changed the log prefix to ignore for iptables to a config option
 - Improved log parsing. It's faster now.
 - Added support for Snort
 - Added minimal support for locales (breaks Python 1.5 compatibility)
 - In report(), LF -> CRLF (fixed thanks to Carlo Wood)

There's one big 'if' about GPG submissions though. There's a (known)
problem with submitting encrypted logs, that Johannes has failed to
fix for some time now... If you didn't include your public key on
sign up, but added it later, it's probably not correctly imported.
I'm sure Johannes will notify 'us' (all the people on the mailing
list, that is) when it's fixed. Please let me know if you use
DShield.py with GPG. (Just interested.)

Furthermore, 3.0rc2 is a beta version, and therefore needs some
testing on other systems than the developers'. Don't be afraid to
submit bug reports, we won't bark (nor bite). You can find our email
addresses at the SourceForge project page (listed with the URLs
below).

Last thing, new developers are always welcome. We would like to
include support for other formats (such as LaBrea) in the near
future. Please mail me if you're interested.

URLs:
- DShield.py project page:
    http://sourceforge.net/projects/dshieldpy

- Download 3.0rc2:
    http://prdownloads.sourceforge.net/dshieldpy/dshieldpy-3.0rc2.tar.gz

- Latest stable version (2.4), only for chickens ;)
    http://prdownloads.sourceforge.net/dshieldpy/dshieldpy-2.4.tar.gz

- Always the latest stable version:
    http://prdownloads.sourceforge.net/dshieldpy/dshieldpy.tar.gz


Eelco
-- 
v++++>7*8-;q;b9*c9*aa*1+:2f*2+-v<[>++++v;;>#;;9p'-6*:+1a+5*aa;#z<>
0-<<-z]>+[>|!<>++++++>++++++>++0+>++++<z<<$<-]>-..>++++++.<--.>+++
n.>>-+----.v<:..<---.<.>>---.--$.<++.<+v+.d>++++++.[-]++++++++++.[
>44*1^<]www>,^<-*55:\-1+*33:+;.>5k,;2*b<33^\"kn"a,*2+1f;#zrlc0.net



