acidlab-users Mailing List for Analysis Console for Intrusion Databases
Status: Beta
Brought to you by:
danyliw
From: Kevin J. <kjo...@se...> - 2007-05-14 01:52:07

The BASE project team is thrilled to announce that the 1.3.6 (louise) release of the Basic Analysis and Security Engine (BASE) is available for download from http://base.secureideas.net

This release is the next in a series of improvements that we hope make BASE the best choice in IDS analysis and reporting. With this release we have continued to fix bugs that are reported and update the system to perform faster, better and more reliably.

The most notable fix in this release was also the simplest. We again have a working graphing system. We have also fixed a number of other bugs that have annoyed and bothered our users. One of our newest members has also devoted enormous amounts of time to making BASE compliant with HTML 4.01 and making sure that it works well in all browsers.

We would also like to announce a few updates and changes within the project. First, we would like to welcome a couple of new members to the team and thank them for their help with improving BASE. Second, Kevin is pleased to announce that he has joined the Intelguardians team as a Senior Security Analyst.

Again, we would like to thank everyone for their support and if there are any problems, please either contact us at ba...@se... or post to the sf.net site at http://sourceforge.net/projects/secureideas

Thanks,
Kevin Johnson and the BASE project team

From: Fossil <fos...@ya...> - 2007-04-12 04:21:52

Hi everyone

I configured ACID to use Phplot by giving the path of phplot like this in the Acid_Conf.file

    $ChartLib_path = "../phplot";

Then why does ACID go looking for the jpgraph files

When Acid_main.php is opened it shows me a link something for “charts” and when I click it (Acid_graph_common.php)

It evokes the below code in the file saying that phplot/jpgraph.php cannot be loaded

And even there is a function where it uses jpgraph files in Acid_graph_common.php

My question is as stated on the website instruction… jpgraph is an option to phplot then why the ACID software is looking for jpgraph files

(Which is hardcoded in the Acid_graph_common.php file)

And a link for graph on Acid_main.php directly calling this file

What if I don’t want to use jpgraph and just phplot… is it that jpgraph is the only option? I don’t think so…

Then what am I doing wrong… I tried hunting the net using all search engines even google didn’t help me…

If anyone can help me I will be more than thankful

This is a part of the code from Acid_graph_common.php which is called from the Acid_main.php pages link “graph”.

    echo '<P><B>Error loading the Graphing library: </B> from "'.$path.
         '"<P>Check the Graphing abstraction library variable <CODE>$ChartLib_path</CODE>'.
         ' in <CODE>acid_conf.php</CODE>
         <P>
         The underlying graphing library currently used is JPGraph, that can be downloaded
         at <A HREF="http://www.aditus.nu/jpgraph/index.php">http://www.aditus.nu/jpgraph/index.php</A>. Without this
         library no graphing operations can be performed.';

This is the function in Acid_graph_common.php which shows the use of jpgraph

    function LoadGraphingLib($path)
    {
       $libs = array ("jpgraph.php",
                      "jpgraph_line.php",
                      "jpgraph_bar.php",
                      "jpgraph_canvas.php",
                      "jpgraph_error.php",
                      "jpgraph_log.php",
                      "jpgraph_pie.php",
                      "jpgraph_pie3d.php",
                      "jpgraph_scatter.php",
                      "jpgraph_radar.php" );

Best regards

Akash

From: Kevin J. <kjo...@se...> - 2007-02-20 02:03:46

Hi All-

The BASE project team is proud to announce that the 1.3.5 (marie) release of the Basic Analysis and Security Engine (BASE) is available for download from http://base.secureideas.net

This release is our first of 2007 and we hope to make this our best year ever! It fixes a number of bugs mainly affecting PHP 5. We also accepted a patch to fix queries against a hex encoded payload.

We would like to take this opportunity to thank every one of our users and the people who help make this project what it is today. We have surpassed 100,000 downloads from the sf.net site, which doesn't take into account all of the other places BASE is available. So thank you. Please continue to support us and we believe that we can only get better.

On a completely side note, I wanted to mention that I will be teaching SANS 504 in Atlanta in March and Ft. Lauderdale in April. While I would love everyone to attend, I was thinking that if anyone wanted to get together during that time, let me know. More information is available at:

Atlanta, https://www.sans.org/atlanta07/description.php?tid=243
Ft. Lauderdale, https://www.sans.org/ftlauderdale07_cs/description.php?tid=243

Again, thanks everyone!

Kevin

---------------------
GCIA, GCIH, GCFA, CEH, CISSP
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2006-11-17 01:41:00

Hi all-

First I would like to announce that BASE 1.2.7 (karen) is now available from the Sourceforge project page. It can be downloaded from http://sourceforge.net/projects/secureideas

This is a minor release with a few bugs fixed and little changes. The biggest part of this release is the contribution of the SnortUnified system. This is a perl program designed to replace Barnyard.

I would like to take a moment and thank everyone for over two years of support and help. When I announced BASE in 2004 I didn't think that most people would notice. I still can't believe how wrong I was. So I want to say thanks!

Kevin Johnson
GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas
http://www.secureideas.net

From: Kevin J. <kjo...@se...> - 2006-07-24 03:06:56

We are happy to announce that the 1.2.6 (christine) release of the Basic Analysis and Security Engine (BASE) is available. You can download it at http://sourceforge.net/projects/secureideas

We have fixed a number of bugs including some that affected IE and the setup system for BASE. We have also changed a couple things regarding the search form to make it more user friendly.

We are currently looking for more people willing to test the BASE releases as we work on them. If you are interested, feel free to contact us at ba...@se...

We have also started coding the 2.x code base. If you have any ideas or feedback regarding that rewrite, please forward them to the BASE developers list which is a public mailing list.

Thank you
Kevin Johnson and the BASE developers

---------------------
GCIA, GCIH, CEH
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2006-06-04 18:37:58

The BASE project team is proud to announce that we have released 1.2.5 (sarah). It has been almost three months since the last release and in that time the project team has grown. We welcome Jon Hart to the team and he has already shown what a great contributor he can be.

One difference with this release is that Kevin's daughter (sarah) is due to be born tomorrow so if you need support please contact the developers list or post a report on the SF.net page. Kevin will be checking email but it will be sporadic for a week or so.

Now on to the changes. One of the main things in this release is a security fix that was announced by Milw0rm. This release solves the problem they found. Two things that the development team would like to point out. First, we would appreciate it if people at least tried to contact us before announcing these things. We do respond and try to fix things as soon as we can. Second, this security hole only affects you if you are running with globals registered. If you are doing that then you have a ton of other problems and we recommend that you turn it off immediately!

We have also updated and improved our support for the FLoP system. A lot of fixes went into the setup system and we did a ton of changes to prevent further XSS and SQL injection attacks. The Chinese language file was updated. We also fixed a number of bugs and some of the issues with searching. We also improved our handling of ICMP messages. For full details of all of the changes, please read the CHANGELOG.

As with all of our releases, BASE 1.2.5 (sarah) is available at http://sourceforge.net/projects/secureideas

If you have any comments or problems regarding BASE and this release, please feel free to contact us.

Thanks
Kevin Johnson and the BASE project team

From: Kevin J. <kjo...@se...> - 2006-03-19 22:54:16

The BASE project team and I are proud to announce the availability of our newest release of the Basic Analysis and Security Engine (BASE) project. It is now available from http://sourceforge.net/projects/secureideas

This release comes after two months of enormous amounts of effort. The team and users have fixed more bugs and implemented more features than any of our other releases to date! The CHANGELOG has 43 entries for this release alone.

If you are using PostgreSQL, you will love this new release as a lot of work was put into supporting that DB better. We also now support the 107 version of the schema from Snort and FLoP. Archiving and other actions have also had a number of annoying bugs fixed. Searching has also been a focus since the last release. The full CHANGELOG is below.

We would also like to welcome our new team members and thank the departed ones for all of their hard work. And of course we would like to thank everyone who nominated us in the Sourceforge Community Choice Awards ( http://sourceforge.net/awards/cca/ ), don't forget to vote for us. ;-)

Thanks again
Kevin Johnson and the BASE project team

CHANGELOG:
------------------------------------------------------------------------
- Fixed issue with PostGRES and schema in base_db.inc.php -- Kevin J and Nikns
- Fixed bug #1284695 Error in SQL with PostgreSQL -- Kevin J and Nikns
- Fixed issues displaying PortScans -- Nikns
- Fixed sig_class (bug #1407325) and sig_priority filter bug -- Nikns and Max Valdez (garaged)
- Fixed bug #1408387 Archive move and Email summary issues -- Nikns
- Fixed bug when, after setup, archive database wasn't used -- Nikns
- Fixed PostgreSQL archive database support -- Nikns
- Fixed bug #1313261 Unable to use actions in base_stat_sensor.php -- Nikns
- Fixed bug #1371532 First of month timestamp issue -- Nikns
- Fixed bug #1406945 Lost alert order when switching between payload display -- Nikns
- Fixed bug #1413712 base_conf.php file path issue under MS Windows -- garaged
- Fixed search by signature name -- Nikns
- Converted sql/create_base_tbls_mssql_extra.sql to CRLF line terminators -- Nikns
- Fixed broken auth system for MSSQL -- Nikns
- Changed MSSQL schema for table acid_event, sig_name now has type VARCHAR instead of TEXT -- Nikns
- Fixed bug #1307250 broken base_stat_alerts.php with MSSQL -- Nikns
- Fixed bug #1413594 Force to use alert database for auth system stuff -- Nikns
- Setup fix, on error form values are remembered, default language is English -- garaged
- Uppercased name 'Archive' in base_main.php (in sync with base_hdr1.php) -- Nikns
- Fixed support for actions in base_stat_class.php -- Nikns
- Fixed bug #1418660 Broken search by IP criteria -- Nikns
- Added checkboxes and fixed support for actions in base_stat_iplink.php -- Nikns
- Implemented RFE #1123382 support for actions in base_stat_uaddr.php -- Nikns
- Implemented support for actions in base_stat_ports.php -- Nikns
- Fixed bug #1422575 when empty email sent even if action unsuccessful -- Nikns
- Fixed bug #1424033 Unable to Graph Alert Detection Time -- Nikns
- Fixed bug #1426089 Score removed from email address -- Nikns
- Fixed bug #1210542 and #1288402 Packet display mode issues -- Nikns
- Detect archiving duplicates with select queries instead of catching db conflict error -- Nikns
- Fixed bug #1430686 Update alert cache for archived alert right after it is copied to archive db -- Nikns
- Implemented archiving support for schema 107 -- Nikns
- Added sig_gid (signature generator id) to snort signature reference url for schema 107 -- Nikns
- session_start() on base_conf.php avoiding repetition, easier to handle with debug output -- garaged
- debug_mode needs to be off on login (index.php:45 ) -- garaged
- Fixed bug #1275536 Unable to download binary payload in Internet Explorer when using SSL -- Nikns
- Implemented archiving support for FLoP extended database schema -- Nikns
- Implemented rebuild of packet in pcap format for FLoP extended database -- Nikns
- Added display of MAC addresses in base_query_alert.php for FLoP extended database -- Nikns
- Fixed BASE authentication bypass in standalone mode for base_maintenance.php -- Nikns
- Added HTTP response codes on authentication failure in base_maintenance.php for standalone mode -- Nikns
- Fixed bug #1341286 Show IP header length in bytes, not words -- Juergen Leising
- In plain display mode several sequential non-ASCII payload characters join together displaying their count -- Nikns
- Changed input type of the password field in useradmin -- Kevin Johnson

From: Joshua F. <jos...@ny...> - 2006-01-25 02:06:32

Ah. Works like a champ. Thank you!

-J

> -----Original Message-----
> From: aci...@li... [mailto:aci...@li...] On Behalf Of Kevin Johnson
> Sent: Tuesday, January 24, 2006 8:08 PM
> To: Joshua Fritsch
> Cc: aci...@li...
> Subject: Re: [acidlab-users] ACID displaying sig_id value instead of sig_name
>
> Joshua Fritsch wrote:
> > Hello,
> >
> > I apologize if this has already been addressed but the search function
> > for the archives is down so I can't check.
> >
> > Once data is loaded into the database, everything seems to work as it
> > should with the exception of the signature name value. It brings up the
> > sig_id field instead of the sig_name. I know the data itself is intact
> > by peeking manually into mysql, but I can't figure out what is causing
> > this problem. Here's a screenshot of the issue:
> >
> > http://www.unixgeeks.org/misc/acid_goof.gif
> >
> > And here's a pull from the database showing what ID #3 is:
> >
> > ---
> > mysql> SELECT sig_name FROM signature WHERE sig_id='3';
> > +---------------------------------------+
> > | sig_name                              |
> > +---------------------------------------+
> > | NETBIOS SMB-DS repeated logon failure |
> > +---------------------------------------+
> > 1 row in set (0.00 sec)
> >
> > mysql>
> > ---
> >
> > I'm running MySQL v5.0.18, snort v2.4.3 and ACID v0.9.6b23.
> >
> > Any help would be appreciated.
> >
> > -J
>
> Hi
>
> This is a problem with ACID and MySQL 5.0. This has been fixed in BASE
> which is available at http://secureideas.net/projects/secureideas
>
> Kevin

From: Kevin J. <kjo...@se...> - 2006-01-25 01:09:21

Joshua Fritsch wrote:
> Hello,
>
> I apologize if this has already been addressed but the search function
> for the archives is down so I can't check.
>
> Once data is loaded into the database, everything seems to work as it
> should with the exception of the signature name value. It brings up the
> sig_id field instead of the sig_name. I know the data itself is intact
> by peeking manually into mysql, but I can't figure out what is causing
> this problem. Here's a screenshot of the issue:
>
> http://www.unixgeeks.org/misc/acid_goof.gif
>
> And here's a pull from the database showing what ID #3 is:
>
> ---
> mysql> SELECT sig_name FROM signature WHERE sig_id='3';
> +---------------------------------------+
> | sig_name                              |
> +---------------------------------------+
> | NETBIOS SMB-DS repeated logon failure |
> +---------------------------------------+
> 1 row in set (0.00 sec)
>
> mysql>
> ---
>
> I'm running MySQL v5.0.18, snort v2.4.3 and ACID v0.9.6b23.
>
> Any help would be appreciated.
>
> -J

Hi

This is a problem with ACID and MySQL 5.0. This has been fixed in BASE which is available at http://secureideas.net/projects/secureideas

Kevin

From: Joshua F. <jos...@ny...> - 2006-01-25 00:46:26

Hello,

I apologize if this has already been addressed but the search function for the archives is down so I can't check.

Once data is loaded into the database, everything seems to work as it should with the exception of the signature name value. It brings up the sig_id field instead of the sig_name. I know the data itself is intact by peeking manually into mysql, but I can't figure out what is causing this problem. Here's a screenshot of the issue:

http://www.unixgeeks.org/misc/acid_goof.gif

And here's a pull from the database showing what ID #3 is:

---
mysql> SELECT sig_name FROM signature WHERE sig_id='3';
+---------------------------------------+
| sig_name                              |
+---------------------------------------+
| NETBIOS SMB-DS repeated logon failure |
+---------------------------------------+
1 row in set (0.00 sec)

mysql>
---

I'm running MySQL v5.0.18, snort v2.4.3 and ACID v0.9.6b23.

Any help would be appreciated.

-J

From: Kevin J. <kjo...@se...> - 2006-01-12 21:53:12

Hi-

The BASE project team and I are proud to announce that BASE 1.2.2 (cindy) is available for download at http://sourceforge.net/projects/secureideas/

This release adds Turkish to the supported languages available. It also fixes a number of issues including completely supporting MySQL 5.0. We have also included fixes from the Debian maintainer that fix all of the known SQL injection and XSS issues with BASE. The complete CHANGELOG is included in the release.

If you have any questions or comments, please send them to me at kjo...@se....

Thanks to everyone who has supported our project for this long!

Kevin Johnson and the BASE project team

From: Kevin J. <kjo...@se...> - 2006-01-06 13:00:31

Hi all-

First I would like to apologize for cross-posting. I just want to get this out and I have to leave for work very soon.<grin>

Second I would like to wish everyone a happy new year and thank them for the last year of support for the BASE project. Now on to year three!

Now to what I need, because you all know it is about me right<grin>

The BASE project is looking for a new project lead to replace me in day to day administration and development. I am not leaving the project, just with all that I am involved in (SecTools, OSVDB, SANS and of course the new baby on the way!) and the work on 2.0, (which is WAY behind) I need some help. Joel used to fill this position but then he got a job.<grin>

Basically it would need to be someone who was willing to handle or filter support requests. You would also need to manage the development team and accept patches. Accepting patches means that you must have some type of PHP experience. I would of course still be involved and helping you with the project.

If you are at all interested, please feel free to email me at kjo...@se....

Thanks
Kevin

From: Kevin J. <kjo...@se...> - 2005-10-31 00:58:01

Hi all-

The BASE project team is happy to announce the immediate availability of the 1.2.1 (kris) release of BASE. This release has a fix for the SQL injection problem that has haunted ACID and BASE since their inception. This fix does not address every type of attack vector that exists but does remove the bulk of the problem.

We are currently working on the next major version of BASE. The 2.0 code base is being completely rewritten and as such, should not have the issues that plague the existing versions.

The BASE team would like to remind everyone that this project is a security tool and as such, remember to use some form of authentication before allowing people into the system. Either the built in authentication or a .htaccess file are recommended. Allowing people to browse your security alerts without authentication is asking for problems.

If you have any questions or comments please feel free to write us,

Thanks for all of your support!
Kevin Johnson and the BASE project team

---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-10-09 21:08:11

The BASE project team is proud to announce the release of BASE 1.2. This release is available from the project homepage on SF.net @ http://sourceforge.net/projects/secureideas

We would like to thank everyone that had a part in making this release a success.

This release fixes a number of bugs people were having with PHP 5 and searches. Alex Butcher also submitted a patch to fix the sort issue some people were experiencing. We also have fixes to emails regarding portscans and with quotes on one of the pages. (Thanks Michael and Nikns!)

A number of features were added in this release. These features include:

- The ability to download a binary file of the packet that caused the Snort alert.
- Increased the number of sources for port information
- Added Internet Storm Center Source/Subnet report
- TrustedSource.org IP lookup
- The ability to look up signatures from a local source

We hope that these features and fixes will increase the ability of BASE to meet your needs. And we welcome any and all feedback regarding this release and any other release of BASE.

Thanks
Kevin Johnson and the BASE project team

---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-08-10 03:59:28

Hi everyone,

We would like to take this time to announce the immediate release of BASE 1.1.4 (cheryl). Compared to some of our other releases, this is a pretty small one. We have added Polish and updated some of the other languages. We have also fixed some minor bugs in the system. The biggest fix is to the SQL files for new users.

The main reason this release is being put out is to thank Joel Esler. Today is his first day with Sourcefire and he is out at LinuxWorld representing the BASE project. After this release he will no longer be an active part of the BASE project and we wanted to take this moment to thank him for everything that he has done for BASE and the Snort community.

So all together now.... Thanks Joel!<g>

Thank You,
Kevin Johnson and the BASE development team

---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-06-14 00:23:35

The BASE project team is proud to announce the immediate availability of the 1.1.3 (lynn) release.

This release includes a number of performance increases along with a number of bug fixes. We have also included support for Oracle. Along with this, we have increased our translations to include Simplified Chinese and Czech!

We would like to thank everyone that continues to support the team, both by using the product and sending us bug reports and patches.

To brag a little, we would like to point out that two different articles appeared talking about the project when explaining various uses of Snort. And our understanding is that another is on the way.<g>

We also had a wonderful IRC session, where a number of users met with the developers to discuss the future of BASE and what 2.x means. The transcript of this meeting is available on our website at http://secureideas.sourceforge.net

We would like to invite anyone who would like to contribute, whether seasoned programmer or beginner that is looking to learn, to contact us at ba...@se... to discuss how you can join the team!

Of course we should mention that the download is available on our Sourceforge.net site at http://sourceforge.net/projects/secureideas

Thanks!
Kevin Johnson and the BASE project team

-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-05-02 10:42:54

Everyone,

With the recent release of BASE version 1.1.2, we've received a lot of helpful suggestions and modifications that people would like to make. (We enjoy ideas, we like it even better when people provide the code :)

So, in the theory and following the model of Open Source Software, we have made the developers list for BASE public.

We'd like everyone who has adodb, PEAR Graph, php coding skills or just wants to help out to feel welcome to sign up on our webpage at:

http://lists.sourceforge.net/lists/listinfo/secureideas-base-devel

If you have ideas, we'd love to hear them!!

Thanks everyone!
Kevin Johnson and Joel Esler

-------------------
BASE Project Leads
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-04-08 23:58:06

Hi-

Due to a series of serious bugs that affected certain installations of BASE, we have released the 1.1.2 (zora) version. This version is a minor release but we recommend it to everyone as the bugs can cause issues that will be hard to track down. Specifically, the errors were fatal calls to a non-object whenever you selected one of the query pages.

The BASE project team would like to thank everyone that assisted with figuring this out. The users of BASE have proven that OSS works, since the developers were not able to reproduce the error on any of our test systems.

Again thanks to everyone and we apologize for such a short time between releases,
Kevin Johnson and the BASE project team

-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Kevin J. <kjo...@se...> - 2005-04-03 21:17:17

Hey everyone! I know it's been two months of waiting and two months of painstaking work (for us) getting all the new features of BASE working, as well as all of the bugs you've submitted fixed (thanks for letting us know about them!!).

But here it is, our biggest release yet, 1.1

Why do we say it's our biggest release? Just take a look at some of the things we've built into it!

-- REMOVED THE NEED FOR A THIRD PARTY GRAPHING ENGINE!
   For those of you that found jpgraph too hard to install (and for those of you that have read the jpgraph license agreement for corporate environments.) It's gone! After you install BASE 1.1, go ahead and delete jpgraph!

-- Created a standalone cache program
   This program can run via a schedule or manually. It will then automatically update any of the DB caches in BASE. This removes the need for BASE to do this, which results in a much faster interface.

-- Auto-Packet Decode.
   (Don't want to look at your packet dumps in hex? Fine! Check it out in Plain text mode!)
   (We believe we are the only web-based Snort tool to do this!)

-- Created a cookie that will remember if you want plain-text or hex display.

-- Review of the Archive Database from the same console.
   You no longer have to maintain two copies of BASE anymore! Just one copy will work with both your current DB and your archive DB.

-- Support for themes.
   (Don't like the colors associated with BASE, or want to design your own interface? Our theme engine is css, the beauty of the possibly of the design in CSS is unmatched. We also have a new place on our project website for these! Submit yours now!)

-- Oracle Support.
   (The Oracle support is preliminary and will get better as users help report problems with it.)

-- We've simplified the Graph Form to make it more user friendly.

-- Added a functionality to be able to use multiple BASE interfaces on the same screen and keep them all straight. We display the "InstallID" in the title bar for you to be able to determine which is which.

We have also fixed an enormous number of bugs that have been bothering us and our users.

List of Bugs we've fixed in this release:

-- Fixed the signature lookup mechanism for the new Snort.org website.
-- Fixed a bug where the PostgreSQL setup wasn't functioning correctly. -- Thanks C. Bensend
-- Fixed the "Call to undefined function" bug in "Whois Cache".
-- Fixed a coding error brought over from ACID that gets Source and Destination Ports backwards when describing them.
-- Fixed a bug that existed if there were no users in the db.
-- Fixed a bug that "garbled BASE Web UI messages in the Japanese character codeset".
-- Fixed a bug that was found when going from one alert to the next using the "Next" and "Back" buttons. The Alert numbers were incorrect!
-- Fixes to the Portuguese language File. -- Thanks Thiago Martins
-- Fixed a bug where the "distinct IP" links didn't display "distinct IPs".
-- Fixed a bug where the Pie Charts weren't functioning.
-- Fixed an error in the German language File. -- Thanks Heinrich Lieker
-- Fixed a bug where Archiving an alert would error and say "duplicate entry".
-- Fixed a bug where the IP links would not be sorted in the correct order.
-- Fixed a bug in the base_maintenance.pl program.
-- Fixed a bug where your Search Criteria would be lost if you hit "Back".
-- Fixed an error where you couldn't email from the Alert Group page. -- Thanks Ethan Chai
-- Fixed an error where the Sorting of Alerts and Searches would not be in the correct order.
-- Fixed a bug where php "safe mode" would cause BASE to stop functioning.
-- Fixed a bug where setup would die without telling the user.

This release is, as always, available from our project web site at http://sourceforge.net/projects/secureideas

You can also reach us at ba...@se...

Please let us know what you think and if you have an idea for a new feature or have found a bug, please post them on our project web site.

Thanks
Kevin Johnson and the BASE project team

-------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!

From: Teva A. <tev...@es...> - 2005-03-14 10:47:42
|
hi,

i have a 2-tier snort set up with snort and barnyard running on one box, and mysql/acid running on another.

i have snort configured with the following options:

snort.conf:

    output log_unified: filename snort.unified.log, limit 128

and barnyard.conf configured as follows:

    config hostname: localhost
    config interface: eth0
    output alert_acid_db: mysql, database snort, server ids.domain.com , user snort, password snort
    output log_acid_db: mysql, database snort, server ids.domain.com , user snort, password snort , detail full

i run snort like:

    /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -D

and barnyard like:

    /usr/local/bin/barnyard -c /etc/snort/barnyard.conf -p /etc/snort/classification.config -f snort.unified.log -g /etc/snort/rules/gen-msg.map -s etc/snort/rules/sid-msg.map -w /usr/local/snortlogs/barnyard.waldo

data appears in the db in almost all tables EXCEPT all acid_* tables (acid_ag, etc..), *hdr tables (iphdr, etc..) and the data table, which are empty.

The sensor table isn't empty: there is one value (inserted by barnyard) which is:

    sid  hostname  interface  filter  detail  encoding  last_cid
    ---------------------------------------------------------------------------
    1    sensor    eth0       NULL    1       0         0

anybody know why acid doesn't insert something in acid_* tables, and why i have nothing in hdr* tables and the data table?

Thanks in advance, |
From: Roy K. <rk...@sa...> - 2005-03-02 20:53:10
|
All-

I have a rather lengthy bpf applied to my snort command line, which makes its way into the 'sensor name' in the ACID front end. Other than modifying the php source (which is my current work-around), is there any way to suppress the bpf from being displayed as part of the sensor name?

Thanks,
Roy

Roy Kidder
Network Engineer
Safelite Glass Corp. |
From: Kevin J. <kjo...@se...> - 2005-02-14 02:06:14
|
Hi-

The BASE project team is happy to announce that BASE 1.0.2 has been released.

This version includes a major performance improvement for MySQL databases. It also fixes
a number of bugs that users of PostgreSQL have reported, including support for PostgreSQL 8.0.

We have also fixed a number of issues with PHP 5 and navigation through the system. And we have fixed a
long standing bug with the host caching system.

A few new features have been included in this release, most notably is the inclusion of DShield IP lookups and summary statistics throughout the system.

The newest release is available at our project page on Sourceforge.net or http://base.secureideas.net

If you have any questions or comments, feel free to contact us at base@secureideas.net

Thanks
The BASE project team |
From: Kevin J. <kjo...@se...> - 2005-01-18 00:13:57
|
The BASE Project Team is proud to announce the immediate availability of the 1.0.1 release. This release includes many bug fixes over previous releases of BASE and ACID. This release adds more languages to the default package. The website for this release is http://base.secureideas.net and downloads are available on Sourceforge at http://sourceforge.net/projects/secureideas . If you have any questions or comments, feel free to contact us at ba...@se... Thanks The BASE Project Team |
From: Kevin J. <kjo...@se...> - 2004-11-21 23:11:05
|
The BASE Project Team is proud to announce the immediate availability of the 1.0 release. This release includes many bug fixes over previous releases of BASE and ACID. It also is the first release to include the Flow-Portscan preprocessor patch. It also has support for multiple languages, with 11 languages included in the package. It also has a fully functional user authentication and role-basing system. The website for this release is http://base.secureideas.net and downloads are available on Sourceforge at http://sourceforge.net/projects/secureideas . If you have any questions or comments, feel free to contact us at ba...@se... Thanks The BASE Project Team |