An alchemists view from the bar

Network Security Alchemy

Archive for November 2010

Pushing the OpenFPC project forward


A couple of people have been working harder than normal over the last couple of weeks. Edward and I are happy to push out another OpenFPC test release to the world.

Here is a short list of highlights and changes; however, there is one point to pay close attention to.

A very kind web developer has started to help the team work on a central user interface for searching and extraction. I'll introduce him and his work in another future post; however, in the short term thanks should be sent over to Eduardo!

0.3 Change highlights

  • Multiple configs can co-exist on a single box
  • Sourcefire IPS event parsing fixed
  • Snort-Fast event type no longer requires port numbers. This makes multi-session extracts simpler (HTTP attacks, for example)
  • Search via BPF (--bpf command line option to openfpc-client)
  • Passwords no longer echo to screen
  • New init scripts to work with the new openfpc command
  • LSB compliant init scripts
  • Better log output (wlog) and verbose message handling
  • Added better example configs (openfpc-default.conf and openfpc-example-proxy.conf)
  • Enabling session data is now far more simple
  • Included web-ui, now enabled by default
  • Space now renders in GB rather than Bytes
  • Fixed performance hit on cx2db inserting half open sessions.
  • Improved help text
  • The out-of-the-box proxy and node configurations now work with each other
  • CGI interface for full packet integration with other tools

As always, feedback and bugs are welcomed.

 

Written by leonward

November 22, 2010 at 9:09 pm