[Dshield] DShield.py 3.0rc3 released
Andrew Rucker Jones
arjones at simultan.dyndns.org
Wed Sep 18 17:56:11 GMT 2002
To all interested and uninterested parties:
First of all, hello! Hope Wednesday is looking good for all of You. :)
Bear with me, this may be long-winded, but i'll try to stick to the point.
I wanted to inform all of You that version 3.0rc3 of the parser
DShield.py has just been released. This version fixes one bug and adds
support for entering the parsed results into a MySQL database. To recap,
DShield.py is an extremely able and fast (somewhat slower if the new
database feature is used) parser for ipchains, iptables, and snort for
DShield submissions. This is planned to be the last release candidate.
However, the last two were supposed to be the last release candidates,
also. This brings me to the next point.
One of the biggest features in 3.0 as compared to 2.0 is the ability to
use GPG when submitting firewall logs. Signing Your submissions makes
the DShield database more trustworthy, and encrypting Your submissions
protects Your firewall logs over the wire. True, the logs are in a
readable form in the database, but unrestricted access to the database
is not available to everyone, and the interfaces available to everyone
else make it difficult to get meaningful information that would be
useful for an attack. The point is, submissions using GPG still don't
work on the DShield side, and polite prodding from the two of us (the
DShield.py developers) has not worked. So, if You are interested in
using GPG for submission, please give DShield.py 3.0rc3 a try and send a
quick mail to Johannes to request action. This is the point that has
kept us from releasing 3.0 until now, but we will not delay release any
longer -- after people have had a chance to look at 3.0rc3 and report
any problems they find, we will release 3.0.
Looking forward to 4.0, we're planning to add i18n and l10n support.
Translators are welcome. More parsers are planned, and here also we ask
for anyone interested in testing new parsers to drop us a line -- we
can't possibly have all firewalls on the market between the two of us,
so we would need sample logs and a promise to beta test. Finally, we
want to make the input-parse-output sequence more modular and general to
support more combinations. If anyone has a deep, burning desire to see a
new input source or output destination, please let us know.
If there are any comments to this mail, please copy them to me directly,
because i'm not subscribed to this list.
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.