Honeywall 1.2

Looks like a new version is up.
I don't know whether I'll have the (mental) bandwidth to play with it, but here's a note.

What Is New

* Numerous Bug Fixes.
* Thanks to Sourcefire, the Honeywall CDROM is now distributed with the latest version of the Sourcefire VRT Certified Rules for Snort and Snort_Inline.
* Added Oinkmaster and Snortconfig to automate Snort (IDS) and Snort-inline (IPS) rule updates.
* We updated Snort to version 2.6.1.4.
* Updated the functionality of Snort-Inline. In versions of Roo prior to version 1.1.hw-1 there were a limited number of IPS rules that were hand picked for versatility. They were all known to function well with the 'Action' field set to either of DROP, REJECT, or REPLACE. Now that we are utilizing the entire VRT rule set for both IDS and IPS rules, this is no longer true. We have removed the ability to set all IPS rules to either of DROP/REJECT/REPLACE. Instead the decision on which action is appropriate for each IPS rule is being passed off to 'snortconfig', which was written and is maintained by Brian Caswell, who has written a Snort rule or two.
* Since the Ethereal Core development team is now working on Wireshark, which is of the same code base, we have made the move from tethereal 0.10.14 to Wireshark 0.99.5. We really only "require" the mergecap utility but we also include the very handy CLI capture tool formerly known as tethereal (now tshark).
* Changed the update process so that, by default, ALL updates for roo will come from the Honeynet Project yum repo instead of the various independent OS and application repos. This will enable us to test updates before they are received to ensure that updates don't break Roo. Optionally, one can use the tool 'hwrepoconf' to enable OS / application repos if you desire quicker (but untested) updates as they become available.
* Added the ability to filter out unwanted traffic in all of the onboard capture processes thus eliminating some of the "needles" in your "haystack" of data. By default, the only data captured will be that flowing either to or from the currently configured list of Honeypots.
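
As an added illustration of the honeypot-only capture filter described in the last item (not Honeywall's own code), this sketch builds a BPF expression from a honeypot list and fails closed when the list is empty or malformed. The function names, the sample addresses and the `eth0` interface are assumptions.

```shell
#!/bin/sh
# Build a BPF capture filter matching only traffic to or from the listed
# honeypots. Function names and addresses are constructed for illustration.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_capture_filter ADDR...: print "host A or host B ..." on stdout.
# Returns 1 on an empty or invalid list: an empty BPF expression would
# capture everything, and an unvalidated entry could rewrite the filter.
build_capture_filter() {
    [ "$#" -gt 0 ] || { echo "no honeypots configured" >&2; return 1; }
    filter=""
    seen=""
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "rejected entry: $addr" >&2; return 1; }
        case " $seen " in *" $addr "*) continue ;; esac   # skip duplicates
        seen="$seen $addr"
        filter="${filter:+$filter or }host $addr"
    done
    printf '%s\n' "$filter"
}

# Constructed honeypot list (RFC 5737 documentation range).
HONEYPOTS="192.0.2.10 192.0.2.11"
FILTER=$(build_capture_filter $HONEYPOTS) || exit 1
# Show the capture command the filter would be passed to.
echo "tshark -i eth0 -f \"$FILTER\""
```
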