secureideas-base-user — Discussions among users of BASE

[Secureideas-base-user] Blank page when starting BASE (fatal error)

[James N. <jn...@ri...>]

Hi,

I've installed snort, barnyard2 etc on Mint. Tested snort works with
MySQL and all is fine.

After I've installed BASE and configured all I get is a blank screen.

I've had a look at the apache error logs and I get this......

PHP Fatal error:  Uncaught Error: Call to undefined function
ereg_replace() in
/var/www/html/base/includes/base_state_common.inc.php:184\nStack
trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248):
CleanVariable('', 291)\n#1 /var/www/html/base/base_main.php(63):
PushHistory()\n#2 {main}\n  thrown in
/var/www/html/base/includes/base_state_common.inc.php on line 184

I've posted more on the Ubuntu Security forum here....

https://ubuntuforums.org/showthread.php?t=2333635

Any ideas how I could rectify this?

Cheers,

Jim

PHP Fatal error:  Uncaught Error: Call to undefined function ereg_replace() in /var/www/html/base/includes/base_state_common.inc.php:184\nStack trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248): ClPHP Fatal error:  Uncaught Error: Call to undefined function ereg_replace() in /var/www/html/base/includes/base_state_common.inc.php:184\nStack trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248): CleanVariable('', 291)\n#1 /var/www/html/base/base_main.php(63): PushHistory()\n#2 {main}\n  thrown in /var/www/html/base/includes/base_state_common.inc.php on line 184

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

nobody can help me?

On 28-01-2016 16:25, hernani coelho wrote:
> hello,
> sorry i have problems to send messages with other address
>
> that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules
> i use pulledpork and barnyard2 to manage rules, i don't know if
> pulledpork have that rule enabled. how can i see??
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Secureideas-base-user mailing list
> Sec...@li...
> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user

[Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <her...@ms...>]

hello,
sorry i have problems to send messages with other address

that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules
i use pulledpork and barnyard2 to manage rules, i don't know if 
pulledpork have that rule enabled. how can i see??

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

hello,
that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules
i use pulledpork and barnyard2 to manage rules, i don't know if 
pulledpork have that rule enabled. how can i see??
>
> thanks
> hernani
> On 28-01-2016 11:44, Joel Esler wrote:
>> hernani,
>>
>> Have you tried shutting off that particular preprocessor rule in 
>> preprocessor.rules?
>>
>> On Jan 28, 2016, 6:01 AM, hernani coelho wrote:
>>
>>>
>>>
>>>> anybody can help me??
>>>>
>>>> On 26-01-2016 16:19, hernani coelho wrote:
>>>>> hello,
>>>>>
>>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works
>>>>> but i receive a lot alerts from
>>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
>>>>> these alerts. how can i stop these alerts??
>>>>> #0-(3-146) 
>>>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
>>>>> 	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset 
>>>>> outside window 	2016-01-26 15:47:51 	64.4.8.0 
>>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
>>>>> 	0.0.0.0 
>>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
>>>>> 	IP
>>>>>
>>>>>   i see entries when i see a web page.
>>>>> can someone help me??
>>>>>
>>>>> thanks
>>>>> hernani
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Secureideas-base-user mailing list
>>>>> Sec...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>
>>>>
>>>> _______________________________________________
>>>> Secureideas-base-user mailing list
>>>> Sec...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>>
>>>
>

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

hello,

that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules

i use pulledpork to manage rules, i don't know if that rule are enabled 
by pulledpork, how can i see if that rule are enabled??
>
> i use pulledpork to manage rules, i don't know if pulledpork have that 
> rule enabled. how can i see??
>
> thanks
> hernani
> On 28-01-2016 11:44, Joel Esler wrote:
>> hernani,
>>
>> Have you tried shutting off that particular preprocessor rule in 
>> preprocessor.rules?
>>
>> On Jan 28, 2016, 6:01 AM, hernani coelho wrote:
>>
>>>
>>>
>>>> anybody can help me??
>>>>
>>>> On 26-01-2016 16:19, hernani coelho wrote:
>>>>> hello,
>>>>>
>>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works
>>>>> but i receive a lot alerts from
>>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
>>>>> these alerts. how can i stop these alerts??
>>>>>

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

i have problems to send email to list, i receive error to post messages
lets see if now go.
> hello,
> that rule are commented ---> # include 
> $PREPROC_RULE_PATH/preprocessor.rules
>
> i use pulledpork to manage rules, i don't know if pulledpork have that 
> rule enabled. how can i see??
>
> thanks
> hernani
> On 28-01-2016 11:44, Joel Esler wrote:
>> hernani,
>>
>> Have you tried shutting off that particular preprocessor rule in 
>> preprocessor.rules?
>>
>> On Jan 28, 2016, 6:01 AM, hernani coelho wrote:
>>
>>>
>>>
>>>> anybody can help me??
>>>>
>>>> On 26-01-2016 16:19, hernani coelho wrote:
>>>>> hello,
>>>>>
>>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works
>>>>> but i receive a lot alerts from
>>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
>>>>> these alerts. how can i stop these alerts??
>>>>> #0-(3-146) 
>>>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
>>>>> 	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset 
>>>>> outside window 	2016-01-26 15:47:51 	64.4.8.0 
>>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
>>>>> 	0.0.0.0 
>>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
>>>>> 	IP
>>>>>
>>>>>   i see entries when i see a web page.
>>>>> can someone help me??
>>>>>
>>>>> thanks
>>>>> hernani
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>>> Monitor end-to-end web transactions and take corrective actions now
>>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Secureideas-base-user mailing list
>>>>> Sec...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>
>>>>
>>>> _______________________________________________
>>>> Secureideas-base-user mailing list
>>>> Sec...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>>
>>>
>

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

hello,
that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules

i use pulledpork to manage rules, i don't know if pulledpork have that 
rule enabled. how can i see??

thanks
hernani
On 28-01-2016 11:44, Joel Esler wrote:
> hernani,
>
> Have you tried shutting off that particular preprocessor rule in 
> preprocessor.rules?
>
> On Jan 28, 2016, 6:01 AM, hernani coelho wrote:
>
>>
>>
>>> anybody can help me??
>>>
>>> On 26-01-2016 16:19, hernani coelho wrote:
>>>> hello,
>>>>
>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works
>>>> but i receive a lot alerts from
>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
>>>> these alerts. how can i stop these alerts??
>>>> #0-(3-146) 
>>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
>>>> 	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset 
>>>> outside window 	2016-01-26 15:47:51 	64.4.8.0 
>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
>>>> 	0.0.0.0 
>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
>>>> 	IP
>>>>
>>>>   i see entries when i see a web page.
>>>> can someone help me??
>>>>
>>>> thanks
>>>> hernani
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>>> Monitor end-to-end web transactions and take corrective actions now
>>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>>
>>>>
>>>> _______________________________________________
>>>> Secureideas-base-user mailing list
>>>> Sec...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>>> Monitor end-to-end web transactions and take corrective actions now
>>> Troubleshoot faster and improve end-user experience. Signup Now!
>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>>
>>>
>>> _______________________________________________
>>> Secureideas-base-user mailing list
>>> Sec...@li...
>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>>>
>>

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

> anybody can help me??
>
> On 26-01-2016 16:19, hernani coelho wrote:
>> hello,
>>
>> i have, snort, base, mysql, barnyard2, and pulledpork everything works
>> but i receive a lot alerts from
>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
>> these alerts. how can i stop these alerts??
>> #0-(3-146) 
>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
>> 	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset 
>> outside window 	2016-01-26 15:47:51 	64.4.8.0 
>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
>> 	0.0.0.0 
>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
>> 	IP
>>
>>   i see entries when i see a web page.
>> can someone help me??
>>
>> thanks
>> hernani
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>
>>
>> _______________________________________________
>> Secureideas-base-user mailing list
>> Sec...@li...
>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
> _______________________________________________
> Secureideas-base-user mailing list
> Sec...@li...
> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user

Re: [Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

anybody can help me??

On 26-01-2016 16:19, hernani coelho wrote:
> hello,
>
> i have, snort, base, mysql, barnyard2, and pulledpork everything works
> but i receive a lot alerts from
> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
> these alerts. how can i stop these alerts??
> #0-(3-146) 
> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
> 	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset 
> outside window 	2016-01-26 15:47:51 	64.4.8.0 
> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
> 	0.0.0.0 
> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
> 	IP
>
>   i see entries when i see a web page.
> can someone help me??
>
> thanks
> hernani
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
> _______________________________________________
> Secureideas-base-user mailing list
> Sec...@li...
> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user

[Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <coe...@sa...>]

hello,

i have, snort, base, mysql, barnyard2, and pulledpork everything works
but i receive a lot alerts from
ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
these alerts. how can i stop these alerts??

#0-(3-146) 
<http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> 
	[snort <http://www.snort.org/search/sid/129-15>] stream5: Reset outside 
window 	2016-01-26 15:47:51 	64.4.8.0 
<http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 
	0.0.0.0 
<http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> 
	IP

  i see entries when i see a web page.
can someone help me??

thanks
hernani

[Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <her...@ms...>]

hello,

i have, snort, base, mysql, barnyard2, and pulledpork everything works
but i receive a lot alerts from
ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of
these alerts.
how can i stop these alerts??
i see entries when i see a web page.
can someone help me??

thanks
hernani

[Secureideas-base-user] help with base and ip destination 0.0.0.0

[hernani c. <her...@ms...>]

hello,

i have, snort, base, mysql, barnyard2, and pulledpork everything works 
but i receive a lot alerts from
ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of 
these alerts.
how can i stop these alerts??
i see entries when i see a web page.
can someone help me??

thanks
hernani

[Secureideas-base-user] [Noob alert] Base doesnt show alerts

[soma patel-s. <dum...@gm...>]

I have been working on setting up Snort,Barnyard2 and Base.

1.Snort is currently logging in the unified2 format.

2.Barnyard2 is reading the logs and successfully inserting stuff into MySQL.
(I confirmed this using the standard "select count(*) from events;" Please
let me know if my         assumption is wrong)

3.Base can insert into the database (can create a user through the Base
gui), also when I hit the update alert cache button, I see the total events
being updated.

I still do not see any alerts on the main page. TCP,UDP and ICMP traffic
still say 0,0,0 resp.

Can anyone help fixing this please.

Thanks,
/$m

[Secureideas-base-user] Newbie Question , Install error

[Marc M. <ma...@le...>]

hello list,

I want to set up snort with base on  my debian server  as a honey pot  
for a videoconferencing server.
I found this nice manual here   http://openmaniak.com/snort_tutorial_base

but i am having an error:


http://91.184.33.25/base/base-1.4.5/

Warning: include_once(Mail.php) [function.include-once]: failed to  
open stream: No such file or directory in /var/www/base/base-1.4.5/ 
includes/base_action.inc.php on line 29

Warning: include_once() [function.include]: Failed opening 'Mail.php'  
for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in / 
var/www/base/base-1.4.5/includes/base_action.inc.php on line 29

Warning: include_once(Mail/mime.php) [function.include-once]: failed  
to open stream: No such file or directory in /var/www/base/base-1.4.5/ 
includes/base_action.inc.php on line 30

Warning: include_once() [function.include]: Failed opening 'Mail/ 
mime.php' for inclusion (include_path='.:/usr/share/php:/usr/share/ 
pear') in /var/www/base/base-1.4.5/includes/base_action.inc.php on  
line 30


Maybe the path to "adodb" was wrong ?

thanks for any help


regards


Marc


-- Les enfants teribbles - research / deployment
Marc Manthey- Vogelsangerstrasse 97
50823 Köln - Germany
Tel.:0049-221-29891489
Mobil:0049-1577-3329231
blog: http://let.de
twitter: http://twitter.com/macbroadcast/
facebook : http://opencu.tk


Opinions expressed may not even be mine by the time you read them, and  
certainly don't reflect those of any other entity (legal or otherwise).


--  
Les enfants teribbles - research / deployment
Marc Manthey- Vogelsangerstrasse 97
50823 Köln - Germany
Tel.:0049-221-29891489
Mobil:0049-1577-3329231
blog: http://let.de
project : http://opencu.org
twitter: http://twitter.com/macbroadcast/
facebook : http://opencu.tk


Opinions expressed may not even be mine by the time you read them, and  
certainly don't reflect those of any other entity (legal or otherwise).

[Secureideas-base-user] newbie Question , Install error

[Marc M. <ma...@le...>]

hello list,

I want to set up snort with base on  my debian server  as a honey pot  
for a videoconferencing server.
I found this nice manual here   http://openmaniak.com/snort_tutorial_base

but i am having an error:


http://91.184.33.25/base/base-1.4.5/

Warning: include_once(Mail.php) [function.include-once]: failed to  
open stream: No such file or directory in /var/www/base/base-1.4.5/ 
includes/base_action.inc.php on line 29

Warning: include_once() [function.include]: Failed opening 'Mail.php'  
for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in / 
var/www/base/base-1.4.5/includes/base_action.inc.php on line 29

Warning: include_once(Mail/mime.php) [function.include-once]: failed  
to open stream: No such file or directory in /var/www/base/base-1.4.5/ 
includes/base_action.inc.php on line 30

Warning: include_once() [function.include]: Failed opening 'Mail/ 
mime.php' for inclusion (include_path='.:/usr/share/php:/usr/share/ 
pear') in /var/www/base/base-1.4.5/includes/base_action.inc.php on  
line 30


Maybe the path to "adodb" was wrong ?

thanks for any help


regards


Marc


--  
Les enfants teribbles - research / deployment
Marc Manthey- Vogelsangerstrasse 97
50823 Köln - Germany
Tel.:0049-221-29891489
Mobil:0049-1577-3329231
blog: http://let.de
twitter: http://twitter.com/macbroadcast/
facebook : http://opencu.tk


Opinions expressed may not even be mine by the time you read them, and  
certainly don't reflect those of any other entity (legal or otherwise).

Re: [Secureideas-base-user] BASE 1.5.x and moving forward

[Kevin J. <kjo...@se...>]

On Aug 10, 2010, at 11:14 AM, wi...@sh... wrote:
> Hello,
> 
> I would like to solicite assistance and advice from the BASE community
> with regards for setting requirements for the BASE 2.0 release. Since
> taking over the project from Kevin I have been reviewing the code and have
> found that moving forward, it will probably be best for us to rewrite the
> engine from scratch. While this may be a large project in the short term
> in the long term I feel the current code is
> unmaintainable and a new codebase will allow us to easily integrate new
> features (like IPv6 support) when the time comes.
> 
> The last release in the 1.5.X release chain will be 1.5.5, which will
> contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will
> still include the Pear::Image and Pear::Graph functionality that is broken
> under PHP5.3. If someone wants to develop a work around or patch for this
> then I welcome your efforts, but I will be focusing on the 2.0 release.
> 
> I would like to solicit assistance from developers who would like to help
> with BASE 2.0. In the coming days I will be sending more emails to the
> secureideas-base-devel mailing list. If you are interested please contact
> me for more details. I hope that BASE can continue to be a flexible
> enterprise snort analysis console.

I hope that it goes without saying, but of course I am saying it, I am available to help with this.

I look forward to seeing where BASE ends up.

Kevin

Re: [Secureideas-base-user] [Secureideas-base-devel] BASE 1.5.x and moving forward

[Randal T. R. <ra...@pr...>]

On 8/10/2010 8:14 AM, wi...@sh... wrote:
> Hello,
> 
> I would like to solicite assistance and advice from the BASE community
> with regards for setting requirements for the BASE 2.0 release. Since
> taking over the project from Kevin I have been reviewing the code and have
> found that moving forward, it will probably be best for us to rewrite the
> engine from scratch. While this may be a large project in the short term
> in the long term I feel the current code is
> unmaintainable and a new codebase will allow us to easily integrate new
> features (like IPv6 support) when the time comes.
> 
> The last release in the 1.5.X release chain will be 1.5.5, which will
> contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will
> still include the Pear::Image and Pear::Graph functionality that is broken
> under PHP5.3. If someone wants to develop a work around or patch for this
> then I welcome your efforts, but I will be focusing on the 2.0 release.
> 
> I would like to solicit assistance from developers who would like to help
> with BASE 2.0. In the coming days I will be sending more emails to the
> secureideas-base-devel mailing list. If you are interested please contact
> me for more details. I hope that BASE can continue to be a flexible
> enterprise snort analysis console.

Greetings, Will. Welcome to the team!

I, as I'm sure others are as well, am anxious to get the foundation for
2.0 started. We should begin by drafting a list of features both
required and desired for the new codebase, along with a roadmap.

We should also re-org the developer roster. So those interested should
wave their hands vociferously! And we may want to include some new folks
wishing to participate. I've cc'd the Snort-users list for that purpose,
as well as to get suggestions from the community as to what they'd like
to see in the new BASE.

So, who's in?! :-)

Thanks,
Randy

[Secureideas-base-user] BASE 1.5.x and moving forward

[<wi...@sh...>]

Hello,

I would like to solicite assistance and advice from the BASE community
with regards for setting requirements for the BASE 2.0 release. Since
taking over the project from Kevin I have been reviewing the code and have
found that moving forward, it will probably be best for us to rewrite the
engine from scratch. While this may be a large project in the short term
in the long term I feel the current code is
unmaintainable and a new codebase will allow us to easily integrate new
features (like IPv6 support) when the time comes.

The last release in the 1.5.X release chain will be 1.5.5, which will
contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will
still include the Pear::Image and Pear::Graph functionality that is broken
under PHP5.3. If someone wants to develop a work around or patch for this
then I welcome your efforts, but I will be focusing on the 2.0 release.

I would like to solicit assistance from developers who would like to help
with BASE 2.0. In the coming days I will be sending more emails to the
secureideas-base-devel mailing list. If you are interested please contact
me for more details. I hope that BASE can continue to be a flexible
enterprise snort analysis console.

Best,

Will Urbanski

[Secureideas-base-user] Steps !

[Anas.B <a.b...@gm...>]

Hello everyone,

I've installed Suricata (IDS/IPS), now i want to link it with BASE, Mysql,
Barnyard,
But I don't know the steps to start,
What is the first tool, i should install ?

Is there any document ("how to"/....) to Install BASE ?  in French ?
or English !


Regards

[Secureideas-base-user] BASE project lead

[Kevin J. <kjo...@se...>]

Hello everyone,

It is with sadness and excitement that I am writing this email.  After almost six years of running the BASE project, I have to move on to other responsibilities.  My focus has shifted over the last few years towards red-team tools and activities.  This is shown with the other projects I am running; SamuraiWTF, Laudanum and Yokoso as well as the Web Application Penetration Testing and Ethical Hacking class I author for SANS.  I have really enjoyed the time I have spent on the BASE project and am glad to have met all of you.  I will remain around to provide what help I can, but will not be taking an active role in the project.

My excitement comes from being able to introduce Will Urbanski.  Will Urbanski is a Security Analyst with the Virginia Tech IT Security Office and Lab. He has a strong background in web application development and has contributed to a number of open source projects. Will is looking forward to working with other BASE contributors and building upon the strong foundation provided.

Will and I will be working together to transition the project.  I hope that you all welcome Will as I know you will and help him move the BASE project towards the great project we all know it can be.

Thank you!
Kevin
 
Kevin Johnson
Senior Security Analyst
InGuardians, Inc.
office: 202.448.8958
cell: 904.403.8024

[Secureideas-base-user] oldne ss recov ering

[Cheap V. P. on www.yj65.c. <pol...@re...>]

idyll ist  suffe rer  disma l  kinse y  unimo dular  incal culab ly
solem niser  savvi ed  roman ticiz es  exame n  entic es  amort izabl e
 koino nia  ungal lantl y  oxyhy droge n  clari net  amort izabl e
versi color  crowf eet  attun e  dismo unted  tough  malef actor s
nerva tion  nonch alanc e  idyll ist  dogli ke  humpy  soreh ead  weigh
 reagg regat e  ensla ved  emper orshi p  subne twork s  pagan izers
emper orshi p  elect  souve nir  rearh orse  phosp hatiz e  allot ee
longi nus  machi natio n

[Secureideas-base-user] slath ered modul abili ty wacko retra nslat ed quino line

[Viagra on www.na47.c. <ecu...@cp...>]

proli xity  boner s  marg  perio steum

[Secureideas-base-user] problems with BASE

[Shahin A. <sha...@ve...>]

Greetings-
   Just fyi, an upgrade to snort-2.8.5.2 fixed the issue described
below:
I need some help figuring out why I see events from snort populate the
mysql DB, but BASE populated events are empty.  I have check the
base_conf.php a number of times.  I also went through the readme
document that comes with Base-1.4.4 and set the DB permissions again.
has anyone else run into this issue?  
mysql> select count(*) from acid_event;
+----------+
| count(*) |
+----------+
| 0 | 
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from event;
+----------+
| count(*) |
+----------+
| 888 | 
+----------+
1 row in set (0.00 sec)
***********************************************
Thanks to this thread:
http://www.mcabee.org/lists/snort-users/Apr-09/msg00082.html
I tried the patch stated here with the 2.8.4 version but no go:-(
http://www.mcabee.org/lists/snort-users/Apr-09/msg00096.html
I also upgraded BASE.  But at the end, the issue was the version of
snort.  Seems both 2.8.3 and 2.8.4 had this issue.  I believe I did
upgrade snort first when I started troubleshooting.  Tough problem.

[Secureideas-base-user] problems with BASE and mysql

[Shahin A. <sha...@ve...>]

I need some help figuring out why I see events from snort populate the
mysql DB, but BASE populated events are empty.  I have check the
base_conf.php a number of times.  I also went through the readme
document that comes with Base-1.4.4 and set the DB permissions again.
has anyone else run into this issue?  
mysql> select count(*) from acid_event;
+----------+
| count(*) |
+----------+
| 0 | 
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from event;
+----------+
| count(*) |
+----------+
| 888 | 
+----------+
1 row in set (0.00 sec)

Re: [Secureideas-base-user] IRC Channel

[Kevin J. <kjo...@se...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry, I have been swamped lately and not in the channel.  I will try  
to get back in there some time today...

Kevin

On Nov 17, 2009, at 11:03 PM, Randal T. Rioux wrote:

> I've been hanging out in #secureideas at FreeNode for weeks, and I'm  
> so
> very alone. Is this still the place for BASE folks?
>
> Just checking!
>
> Randy
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Secureideas-base-user mailing list
> Sec...@li...
> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAksEFIcACgkQGDcWptZ2zmSlogCfS/SdSlikrCJ0y9g8iSXG7MjV
WtUAniSTs4KVpPhAs/xotN4QTzhWwHGo
=C963
-----END PGP SIGNATURE-----