[Dshield] DShield.py 3.0rc3 released

Andrew Rucker Jones arjones at simultan.dyndns.org
Wed Sep 18 17:56:11 GMT 2002


To all interested and uninterested parties:
	First of all, hello! Hope Wednesday is looking good for all of You. :) 
Bear with me, this may be long-winded, but i'll try to stick to the point.
	I wanted to inform all of You that version 3.0rc3 of the parser 
DShield.py has just been released. This version fixes one bug and adds 
support for entering the parsed results into a MySQL database. To recap, 
DShield.py is an extremely able and fast (somewhat slower if the new 
database feature is used) parser for ipchains, iptables, and snort for 
DShield submissions. This is planned to be the last release candidate. 
However, the last two were supposed to be the last release candidates, 
also. This brings me to the next point.
	One of the biggest features in 3.0 as compared to 2.0 is the ability to 
use GPG when submitting firewall logs. Signing Your submissions makes 
the DShield database more trustworthy, and encrypting Your submissions 
protects Your firewall logs over the wire. True, the logs are in a 
readable form in the database, but unrestricted access to the database 
is not available to everyone, and the interfaces available to everyone 
else make it difficult to get meaningful information that would be 
useful for an attack. The point is, submissions using GPG still don't 
work on the DShield side, and polite prodding from the two of us (the 
DShield.py developers) has not worked. So, if You are interested in 
using GPG for submission, please give DShield.py 3.0rc3 a try and send a 
quick mail to Johannes to request action. This is the point that has 
kept us from releasing 3.0 until now, but we will not delay release any 
longer -- after people have had a chance to look at 3.0rc3 and report 
any problems they find, we will release 3.0.
	Looking forward to 4.0, we're planning to add i18n and l10n support. 
Translators are welcome. More parsers are planned, and here also we ask 
for anyone interested in testing new parsers to drop us a line -- we 
can't possibly have all firewalls on the market between the two of us, 
so we would need sample logs and a promise to beta test. Finally, we 
want to make the input-parse-output sequence more modular and general to 
support more combinations. If anyone has a deep, burning desire to see a 
new input source or output destination, please let us know.
	If there are any comments to this mail, please copy them to me directly, 
because i'm not subscribed to this list.

		Sincerely,
		Andrew Jones

-- 
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
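The announcement above describes DShield.py as an iptables/ipchains/snort parser that turns firewall logs into DShield submissions but does not show what that conversion involves. The following is an added illustration written for this page, not DShield.py's own code: a small Python converter that reads iptables LOG lines from syslog, drops anything that is not a firewall record, collapses repeated identical packets into one record with a count, and emits a tab-separated line per record. The column layout (date, author id, count, source IP, source port, target IP, target port, protocol, flags), the single-letter TCP flag codes, the placement of ICMP type and code in the port columns, the author id "0", the UTC offset and the log lines themselves are all constructed assumptions for the example, not values taken from the DShield specification or from the post.

```python
import re
from datetime import datetime

# Constructed sample syslog lines in the format the iptables LOG target
# produces; hostnames and addresses are made up. The last line is an sshd
# message and must be ignored by the converter.
SAMPLE_LOG = """\
Sep 18 17:56:11 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4711 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 18 17:56:12 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4712 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 18 17:56:20 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Sep 18 17:56:25 gw sshd[1234]: Accepted publickey for arjones from 192.0.2.5 port 50000 ssh2
"""

# syslog prefix: month, day, time, host, then "kernel:" and an optional
# "[uptime]" stamp, followed by the iptables key=value payload
SYSLOG_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) kernel: (?:\[\s*[\d.]+\] )?(.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

# Assumed single-letter flag codes for the output; bare tokens such as
# "DF" (IP don't-fragment) are not TCP flags and are deliberately ignored.
FLAG_LETTERS = {"SYN": "S", "ACK": "A", "FIN": "F", "RST": "R", "PSH": "P", "URG": "U"}


def parse_iptables_line(line, year=2002):
    """Return a dict for one iptables LOG line, or None for any other line.

    syslog timestamps carry no year, so the caller supplies it.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, clock, _host, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    if "SRC" not in fields or "DST" not in fields or "PROTO" not in fields:
        return None  # a kernel message that is not a firewall record
    proto = fields["PROTO"]
    if proto == "ICMP":
        # assumed convention: ICMP type in the source-port column, code in target-port
        sport, dport = int(fields.get("TYPE", 0)), int(fields.get("CODE", 0))
    else:
        sport, dport = int(fields.get("SPT", 0)), int(fields.get("DPT", 0))
    tokens = set(rest.split())
    flags = "".join(letter for name, letter in FLAG_LETTERS.items() if name in tokens)
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "src": fields["SRC"], "sport": sport,
            "dst": fields["DST"], "dport": dport, "proto": proto, "flags": flags}


def format_record(ev, author_id):
    """Render one event as an assumed tab-separated submission line (host clock taken as UTC)."""
    return "\t".join([ev["time"].strftime("%Y-%m-%d %H:%M:%S +00:00"), author_id,
                      str(ev["count"]), ev["src"], str(ev["sport"]),
                      ev["dst"], str(ev["dport"]), ev["proto"], ev["flags"]])


def to_dshield_records(log_text, author_id, year=2002):
    """Parse a block of syslog text; identical 5-tuples collapse into one record with a count."""
    records = {}  # insertion order preserved, so output follows first occurrence
    for line in log_text.splitlines():
        ev = parse_iptables_line(line, year)
        if ev is None:
            continue
        key = (ev["src"], ev["sport"], ev["dst"], ev["dport"], ev["proto"])
        if key in records:
            records[key]["count"] += 1
        else:
            ev["count"] = 1
            records[key] = ev
    return [format_record(ev, author_id) for ev in records.values()]


if __name__ == "__main__":
    for record in to_dshield_records(SAMPLE_LOG, "0"):
        print(record)
```

The interesting part from a data-quality standpoint is the filtering: only lines carrying SRC, DST and PROTO are treated as firewall records, so unrelated kernel or daemon messages never leak into a submission, and the year and timezone are explicit parameters rather than guesses pulled from the log, since syslog records neither.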



