secureideas-base-user Mailing List for BASE
Brought to you by:
secureideas,
sinukas
You can subscribe to this list here.
2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
(1) |
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2005 |
Jan
(3) |
Feb
(1) |
Mar
(9) |
Apr
(8) |
May
(14) |
Jun
(1) |
Jul
(6) |
Aug
(14) |
Sep
(6) |
Oct
(4) |
Nov
(4) |
Dec
|
2006 |
Jan
(10) |
Feb
(9) |
Mar
(12) |
Apr
(11) |
May
(18) |
Jun
(11) |
Jul
(19) |
Aug
(2) |
Sep
(8) |
Oct
(8) |
Nov
(2) |
Dec
(13) |
2007 |
Jan
|
Feb
(6) |
Mar
(7) |
Apr
|
May
(8) |
Jun
(5) |
Jul
(1) |
Aug
(1) |
Sep
|
Oct
(1) |
Nov
(3) |
Dec
(15) |
2008 |
Jan
|
Feb
|
Mar
(5) |
Apr
(7) |
May
(1) |
Jun
(2) |
Jul
(1) |
Aug
(2) |
Sep
(10) |
Oct
(10) |
Nov
(2) |
Dec
(34) |
2009 |
Jan
(2) |
Feb
(15) |
Mar
(16) |
Apr
(21) |
May
(33) |
Jun
(25) |
Jul
(36) |
Aug
(10) |
Sep
(2) |
Oct
|
Nov
(2) |
Dec
(11) |
2010 |
Jan
(7) |
Feb
(6) |
Mar
(4) |
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
(3) |
Sep
|
Oct
|
Nov
|
Dec
|
2011 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2016 |
Jan
(11) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
From: James N. <jn...@ri...> - 2016-09-04 16:04:40
|
Hi, I've installed snort, barnyard2 etc on Mint. Tested snort works with MySQL and all is fine. After I've installed BASE and configured all I get is a blank screen. I've had a look at the apache error logs and I get this...... PHP Fatal error: Uncaught Error: Call to undefined function ereg_replace() in /var/www/html/base/includes/base_state_common.inc.php:184\nStack trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248): CleanVariable('', 291)\n#1 /var/www/html/base/base_main.php(63): PushHistory()\n#2 {main}\n thrown in /var/www/html/base/includes/base_state_common.inc.php on line 184 I've posted more on the Ubuntu Security forum here.... https://ubuntuforums.org/showthread.php?t=2333635 Any ideas how I could rectify this? Cheers, Jim PHP Fatal error: Uncaught Error: Call to undefined function ereg_replace() in /var/www/html/base/includes/base_state_common.inc.php:184\nStack trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248): ClPHP Fatal error: Uncaught Error: Call to undefined function ereg_replace() in /var/www/html/base/includes/base_state_common.inc.php:184\nStack trace:\n#0 /var/www/html/base/includes/base_state_criteria.inc.php(248): CleanVariable('', 291)\n#1 /var/www/html/base/base_main.php(63): PushHistory()\n#2 {main}\n thrown in /var/www/html/base/includes/base_state_common.inc.php on line 184 |
From: hernani c. <coe...@sa...> - 2016-01-30 15:09:45
|
nobody can help me? On 28-01-2016 16:25, hernani coelho wrote: > hello, > sorry i have problems to send messages with other address > > that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules > i use pulledpork and barnyard2 to manage rules, i don't know if > pulledpork have that rule enabled. how can i see?? > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > _______________________________________________ > Secureideas-base-user mailing list > Sec...@li... > https://lists.sourceforge.net/lists/listinfo/secureideas-base-user |
From: hernani c. <her...@ms...> - 2016-01-28 16:25:45
|
hello, sorry i have problems to send messages with other address that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules i use pulledpork and barnyard2 to manage rules, i don't know if pulledpork have that rule enabled. how can i see?? |
From: hernani c. <coe...@sa...> - 2016-01-28 16:09:08
|
hello, that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules i use pulledpork and barnyard2 to manage rules, i don't know if pulledpork have that rule enabled. how can i see?? > > thanks > hernani > On 28-01-2016 11:44, Joel Esler wrote: >> hernani, >> >> Have you tried shutting off that particular preprocessor rule in >> preprocessor.rules? >> >> On Jan 28, 2016, 6:01 AM, hernani coelho wrote: >> >>> >>> >>>> anybody can help me?? >>>> >>>> On 26-01-2016 16:19, hernani coelho wrote: >>>>> hello, >>>>> >>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works >>>>> but i receive a lot alerts from >>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of >>>>> these alerts. how can i stop these alerts?? >>>>> #0-(3-146) >>>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> >>>>> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset >>>>> outside window 2016-01-26 15:47:51 64.4.8.0 >>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> >>>>> 0.0.0.0 >>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> >>>>> IP >>>>> >>>>> i see entries when i see a web page. >>>>> can someone help me?? >>>>> >>>>> thanks >>>>> hernani >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>>>> Monitor end-to-end web transactions and take corrective actions now >>>>> Troubleshoot faster and improve end-user experience. Signup Now! >>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>>>> >>>>> >>>>> _______________________________________________ >>>>> Secureideas-base-user mailing list >>>>> Sec...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>>> Monitor end-to-end web transactions and take corrective actions now >>>> Troubleshoot faster and improve end-user experience. Signup Now! >>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>>> >>>> >>>> _______________________________________________ >>>> Secureideas-base-user mailing list >>>> Sec...@li... >>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>>> >>> > |
From: hernani c. <coe...@sa...> - 2016-01-28 15:28:56
|
hello, that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules i use pulledpork to manage rules, i don't know if that rule are enabled by pulledpork, how can i see if that rule are enabled?? > > i use pulledpork to manage rules, i don't know if pulledpork have that > rule enabled. how can i see?? > > thanks > hernani > On 28-01-2016 11:44, Joel Esler wrote: >> hernani, >> >> Have you tried shutting off that particular preprocessor rule in >> preprocessor.rules? >> >> On Jan 28, 2016, 6:01 AM, hernani coelho wrote: >> >>> >>> >>>> anybody can help me?? >>>> >>>> On 26-01-2016 16:19, hernani coelho wrote: >>>>> hello, >>>>> >>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works >>>>> but i receive a lot alerts from >>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of >>>>> these alerts. how can i stop these alerts?? >>>>> |
From: hernani c. <coe...@sa...> - 2016-01-28 15:13:22
|
i have problems to send email to list, i receive error to post messages lets see if now go. > hello, > that rule are commented ---> # include > $PREPROC_RULE_PATH/preprocessor.rules > > i use pulledpork to manage rules, i don't know if pulledpork have that > rule enabled. how can i see?? > > thanks > hernani > On 28-01-2016 11:44, Joel Esler wrote: >> hernani, >> >> Have you tried shutting off that particular preprocessor rule in >> preprocessor.rules? >> >> On Jan 28, 2016, 6:01 AM, hernani coelho wrote: >> >>> >>> >>>> anybody can help me?? >>>> >>>> On 26-01-2016 16:19, hernani coelho wrote: >>>>> hello, >>>>> >>>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works >>>>> but i receive a lot alerts from >>>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of >>>>> these alerts. how can i stop these alerts?? >>>>> #0-(3-146) >>>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> >>>>> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset >>>>> outside window 2016-01-26 15:47:51 64.4.8.0 >>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> >>>>> 0.0.0.0 >>>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> >>>>> IP >>>>> >>>>> i see entries when i see a web page. >>>>> can someone help me?? >>>>> >>>>> thanks >>>>> hernani >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>>>> Monitor end-to-end web transactions and take corrective actions now >>>>> Troubleshoot faster and improve end-user experience. Signup Now! >>>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>>>> >>>>> >>>>> _______________________________________________ >>>>> Secureideas-base-user mailing list >>>>> Sec...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>>> Monitor end-to-end web transactions and take corrective actions now >>>> Troubleshoot faster and improve end-user experience. Signup Now! >>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>>> >>>> >>>> _______________________________________________ >>>> Secureideas-base-user mailing list >>>> Sec...@li... >>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>>> >>> > |
From: hernani c. <coe...@sa...> - 2016-01-28 13:45:58
|
hello, that rule are commented ---> # include $PREPROC_RULE_PATH/preprocessor.rules i use pulledpork to manage rules, i don't know if pulledpork have that rule enabled. how can i see?? thanks hernani On 28-01-2016 11:44, Joel Esler wrote: > hernani, > > Have you tried shutting off that particular preprocessor rule in > preprocessor.rules? > > On Jan 28, 2016, 6:01 AM, hernani coelho wrote: > >> >> >>> anybody can help me?? >>> >>> On 26-01-2016 16:19, hernani coelho wrote: >>>> hello, >>>> >>>> i have, snort, base, mysql, barnyard2, and pulledpork everything works >>>> but i receive a lot alerts from >>>> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of >>>> these alerts. how can i stop these alerts?? >>>> #0-(3-146) >>>> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> >>>> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset >>>> outside window 2016-01-26 15:47:51 64.4.8.0 >>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> >>>> 0.0.0.0 >>>> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> >>>> IP >>>> >>>> i see entries when i see a web page. >>>> can someone help me?? >>>> >>>> thanks >>>> hernani >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>>> Monitor end-to-end web transactions and take corrective actions now >>>> Troubleshoot faster and improve end-user experience. Signup Now! >>>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>>> >>>> >>>> _______________________________________________ >>>> Secureideas-base-user mailing list >>>> Sec...@li... >>>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>> Monitor end-to-end web transactions and take corrective actions now >>> Troubleshoot faster and improve end-user experience. Signup Now! >>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>> >>> >>> _______________________________________________ >>> Secureideas-base-user mailing list >>> Sec...@li... >>> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user >>> >> |
From: hernani c. <coe...@sa...> - 2016-01-28 11:01:18
|
> anybody can help me?? > > On 26-01-2016 16:19, hernani coelho wrote: >> hello, >> >> i have, snort, base, mysql, barnyard2, and pulledpork everything works >> but i receive a lot alerts from >> ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of >> these alerts. how can i stop these alerts?? >> #0-(3-146) >> <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> >> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset >> outside window 2016-01-26 15:47:51 64.4.8.0 >> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> >> 0.0.0.0 >> <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> >> IP >> >> i see entries when i see a web page. >> can someone help me?? >> >> thanks >> hernani >> >> >> ------------------------------------------------------------------------------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >> >> >> _______________________________________________ >> Secureideas-base-user mailing list >> Sec...@li... >> https://lists.sourceforge.net/lists/listinfo/secureideas-base-user > > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > > _______________________________________________ > Secureideas-base-user mailing list > Sec...@li... > https://lists.sourceforge.net/lists/listinfo/secureideas-base-user |
From: hernani c. <coe...@sa...> - 2016-01-27 17:03:20
|
anybody can help me?? On 26-01-2016 16:19, hernani coelho wrote: > hello, > > i have, snort, base, mysql, barnyard2, and pulledpork everything works > but i receive a lot alerts from > ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of > these alerts. how can i stop these alerts?? > #0-(3-146) > <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> > [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset > outside window 2016-01-26 15:47:51 64.4.8.0 > <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> > 0.0.0.0 > <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> > IP > > i see entries when i see a web page. > can someone help me?? > > thanks > hernani > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > > _______________________________________________ > Secureideas-base-user mailing list > Sec...@li... > https://lists.sourceforge.net/lists/listinfo/secureideas-base-user |
From: hernani c. <coe...@sa...> - 2016-01-26 16:19:31
|
hello, i have, snort, base, mysql, barnyard2, and pulledpork everything works but i receive a lot alerts from ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of these alerts. how can i stop these alerts?? #0-(3-146) <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset outside window 2016-01-26 15:47:51 64.4.8.0 <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 0.0.0.0 <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> IP i see entries when i see a web page. can someone help me?? thanks hernani |
From: hernani c. <her...@ms...> - 2016-01-26 15:14:27
|
hello, i have, snort, base, mysql, barnyard2, and pulledpork everything works but i receive a lot alerts from ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of these alerts. how can i stop these alerts?? i see entries when i see a web page. can someone help me?? thanks hernani |
From: hernani c. <her...@ms...> - 2016-01-26 14:20:26
|
hello, i have, snort, base, mysql, barnyard2, and pulledpork everything works but i receive a lot alerts from ip 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0 snort don't show any of these alerts. how can i stop these alerts?? i see entries when i see a web page. can someone help me?? thanks hernani |
From: soma patel-s. <dum...@gm...> - 2013-07-25 17:48:24
|
I have been working on setting up Snort,Barnyard2 and Base. 1.Snort is currently logging in the unified2 format. 2.Barnyard2 is reading the logs and successfully inserting stuff into MySQL. (I confirmed this using the standard "select count(*) from events;" Please let me know if my assumption is wrong) 3.Base can insert into the database (can create a user through the Base gui), also when I hit the update alert cache button, I see the total events being updated. I still do not see any alerts on the main page. TCP,UDP and ICMP traffic still say 0,0,0 resp. Can anyone help fixing this please. Thanks, /$m |
From: Marc M. <ma...@le...> - 2011-04-01 19:24:51
|
hello list, I want to set up snort with base on my debian server as a honey pot for a videoconferencing server. I found this nice manual here http://openmaniak.com/snort_tutorial_base but i am having an error: http://91.184.33.25/base/base-1.4.5/ Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/base/base-1.4.5/ includes/base_action.inc.php on line 29 Warning: include_once() [function.include]: Failed opening 'Mail.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in / var/www/base/base-1.4.5/includes/base_action.inc.php on line 29 Warning: include_once(Mail/mime.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/base/base-1.4.5/ includes/base_action.inc.php on line 30 Warning: include_once() [function.include]: Failed opening 'Mail/ mime.php' for inclusion (include_path='.:/usr/share/php:/usr/share/ pear') in /var/www/base/base-1.4.5/includes/base_action.inc.php on line 30 Maybe the path to "adodb" was wrong ? thanks for any help regards Marc -- Les enfants teribbles - research / deployment Marc Manthey- Vogelsangerstrasse 97 50823 Köln - Germany Tel.:0049-221-29891489 Mobil:0049-1577-3329231 blog: http://let.de twitter: http://twitter.com/macbroadcast/ facebook : http://opencu.tk Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). -- Les enfants teribbles - research / deployment Marc Manthey- Vogelsangerstrasse 97 50823 Köln - Germany Tel.:0049-221-29891489 Mobil:0049-1577-3329231 blog: http://let.de project : http://opencu.org twitter: http://twitter.com/macbroadcast/ facebook : http://opencu.tk Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). |
From: Marc M. <ma...@le...> - 2011-04-01 17:39:18
|
hello list, I want to set up snort with base on my debian server as a honey pot for a videoconferencing server. I found this nice manual here http://openmaniak.com/snort_tutorial_base but i am having an error: http://91.184.33.25/base/base-1.4.5/ Warning: include_once(Mail.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/base/base-1.4.5/ includes/base_action.inc.php on line 29 Warning: include_once() [function.include]: Failed opening 'Mail.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in / var/www/base/base-1.4.5/includes/base_action.inc.php on line 29 Warning: include_once(Mail/mime.php) [function.include-once]: failed to open stream: No such file or directory in /var/www/base/base-1.4.5/ includes/base_action.inc.php on line 30 Warning: include_once() [function.include]: Failed opening 'Mail/ mime.php' for inclusion (include_path='.:/usr/share/php:/usr/share/ pear') in /var/www/base/base-1.4.5/includes/base_action.inc.php on line 30 Maybe the path to "adodb" was wrong ? thanks for any help regards Marc -- Les enfants teribbles - research / deployment Marc Manthey- Vogelsangerstrasse 97 50823 Köln - Germany Tel.:0049-221-29891489 Mobil:0049-1577-3329231 blog: http://let.de twitter: http://twitter.com/macbroadcast/ facebook : http://opencu.tk Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). |
From: Kevin J. <kjo...@se...> - 2010-08-11 23:48:00
|
On Aug 10, 2010, at 11:14 AM, wi...@sh... wrote: > Hello, > > I would like to solicite assistance and advice from the BASE community > with regards for setting requirements for the BASE 2.0 release. Since > taking over the project from Kevin I have been reviewing the code and have > found that moving forward, it will probably be best for us to rewrite the > engine from scratch. While this may be a large project in the short term > in the long term I feel the current code is > unmaintainable and a new codebase will allow us to easily integrate new > features (like IPv6 support) when the time comes. > > The last release in the 1.5.X release chain will be 1.5.5, which will > contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will > still include the Pear::Image and Pear::Graph functionality that is broken > under PHP5.3. If someone wants to develop a work around or patch for this > then I welcome your efforts, but I will be focusing on the 2.0 release. > > I would like to solicit assistance from developers who would like to help > with BASE 2.0. In the coming days I will be sending more emails to the > secureideas-base-devel mailing list. If you are interested please contact > me for more details. I hope that BASE can continue to be a flexible > enterprise snort analysis console. I hope that it goes without saying, but of course I am saying it, I am available to help with this. I look forward to seeing where BASE ends up. Kevin |
From: Randal T. R. <ra...@pr...> - 2010-08-10 16:14:16
|
On 8/10/2010 8:14 AM, wi...@sh... wrote: > Hello, > > I would like to solicite assistance and advice from the BASE community > with regards for setting requirements for the BASE 2.0 release. Since > taking over the project from Kevin I have been reviewing the code and have > found that moving forward, it will probably be best for us to rewrite the > engine from scratch. While this may be a large project in the short term > in the long term I feel the current code is > unmaintainable and a new codebase will allow us to easily integrate new > features (like IPv6 support) when the time comes. > > The last release in the 1.5.X release chain will be 1.5.5, which will > contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will > still include the Pear::Image and Pear::Graph functionality that is broken > under PHP5.3. If someone wants to develop a work around or patch for this > then I welcome your efforts, but I will be focusing on the 2.0 release. > > I would like to solicit assistance from developers who would like to help > with BASE 2.0. In the coming days I will be sending more emails to the > secureideas-base-devel mailing list. If you are interested please contact > me for more details. I hope that BASE can continue to be a flexible > enterprise snort analysis console. Greetings, Will. Welcome to the team! I, as I'm sure others are as well, am anxious to get the foundation for 2.0 started. We should begin by drafting a list of features both required and desired for the new codebase, along with a roadmap. We should also re-org the developer roster. So those interested should wave their hands vociferously! And we may want to include some new folks wishing to participate. I've cc'd the Snort-users list for that purpose, as well as to get suggestions from the community as to what they'd like to see in the new BASE. So, who's in?! :-) Thanks, Randy |
From: <wi...@sh...> - 2010-08-10 15:47:09
|
Hello, I would like to solicite assistance and advice from the BASE community with regards for setting requirements for the BASE 2.0 release. Since taking over the project from Kevin I have been reviewing the code and have found that moving forward, it will probably be best for us to rewrite the engine from scratch. While this may be a large project in the short term in the long term I feel the current code is unmaintainable and a new codebase will allow us to easily integrate new features (like IPv6 support) when the time comes. The last release in the 1.5.X release chain will be 1.5.5, which will contain the patches for BASE to run under PHP 5.3. The 1.5.5 release will still include the Pear::Image and Pear::Graph functionality that is broken under PHP5.3. If someone wants to develop a work around or patch for this then I welcome your efforts, but I will be focusing on the 2.0 release. I would like to solicit assistance from developers who would like to help with BASE 2.0. In the coming days I will be sending more emails to the secureideas-base-devel mailing list. If you are interested please contact me for more details. I hope that BASE can continue to be a flexible enterprise snort analysis console. Best, Will Urbanski |
From: Anas.B <a.b...@gm...> - 2010-07-02 11:27:22
|
Hello everyone, I've installed Suricata (IDS/IPS), now i want to link it with BASE, Mysql, Barnyard, But I don't know the steps to start, What is the first tool, i should install ? Is there any document ("how to"/....) to Install BASE ? in French ? or English ! Regards |
From: Kevin J. <kjo...@se...> - 2010-06-16 21:58:40
|
Hello everyone, It is with sadness and excitement that I am writing this email. After almost six years of running the BASE project, I have to move on to other responsibilities. My focus has shifted over the last few years towards red-team tools and activities. This is shown with the other projects I am running; SamuraiWTF, Laudanum and Yokoso as well as the Web Application Penetration Testing and Ethical Hacking class I author for SANS. I have really enjoyed the time I have spent on the BASE project and am glad to have met all of you. I will remain around to provide what help I can, but will not be taking an active role in the project. My excitement comes from being able to introduce Will Urbanski. Will Urbanski is a Security Analyst with the Virginia Tech IT Security Office and Lab. He has a strong background in web application development and has contributed to a number of open source projects. Will is looking forward to working with other BASE contributors and building upon the strong foundation provided. Will and I will be working together to transition the project. I hope that you all welcome Will as I know you will and help him move the BASE project towards the great project we all know it can be. Thank you! Kevin Kevin Johnson Senior Security Analyst InGuardians, Inc. office: 202.448.8958 cell: 904.403.8024 |
From: Cheap V. P. on www.yj65.c. <pol...@re...> - 2010-03-07 19:56:43
|
idyll ist suffe rer disma l kinse y unimo dular incal culab ly solem niser savvi ed roman ticiz es exame n entic es amort izabl e koino nia ungal lantl y oxyhy droge n clari net amort izabl e versi color crowf eet attun e dismo unted tough malef actor s nerva tion nonch alanc e idyll ist dogli ke humpy soreh ead weigh reagg regat e ensla ved emper orshi p subne twork s pagan izers emper orshi p elect souve nir rearh orse phosp hatiz e allot ee longi nus machi natio n |
From: Viagra on www.na47.c. <ecu...@cp...> - 2010-01-25 19:53:37
|
proli xity boner s marg perio steum |
From: Shahin A. <sha...@ve...> - 2010-01-03 05:16:49
|
Greetings- Just fyi, an upgrade to snort-2.8.5.2 fixed the issue described below: I need some help figuring out why I see events from snort populate the mysql DB, but BASE populated events are empty. I have check the base_conf.php a number of times. I also went through the readme document that comes with Base-1.4.4 and set the DB permissions again. has anyone else run into this issue? mysql> select count(*) from acid_event; +----------+ | count(*) | +----------+ | 0 | +----------+ 1 row in set (0.00 sec) mysql> select count(*) from event; +----------+ | count(*) | +----------+ | 888 | +----------+ 1 row in set (0.00 sec) *********************************************** Thanks to this thread: http://www.mcabee.org/lists/snort-users/Apr-09/msg00082.html I tried the patch stated here with the 2.8.4 version but no go:-( http://www.mcabee.org/lists/snort-users/Apr-09/msg00096.html I also upgraded BASE. But at the end, the issue was the version of snort. Seems both 2.8.3 and 2.8.4 had this issue. I believe I did upgrade snort first when I started troubleshooting. Tough problem. |
From: Shahin A. <sha...@ve...> - 2010-01-03 03:32:37
|
I need some help figuring out why I see events from snort populate the mysql DB, but BASE populated events are empty. I have check the base_conf.php a number of times. I also went through the readme document that comes with Base-1.4.4 and set the DB permissions again. has anyone else run into this issue? mysql> select count(*) from acid_event; +----------+ | count(*) | +----------+ | 0 | +----------+ 1 row in set (0.00 sec) mysql> select count(*) from event; +----------+ | count(*) | +----------+ | 888 | +----------+ 1 row in set (0.00 sec) |
From: Kevin J. <kjo...@se...> - 2009-11-18 15:54:27
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, I have been swamped lately and not in the channel. I will try to get back in there some time today... Kevin On Nov 17, 2009, at 11:03 PM, Randal T. Rioux wrote: > I've been hanging out in #secureideas at FreeNode for weeks, and I'm > so > very alone. Is this still the place for BASE folks? > > Just checking! > > Randy > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Secureideas-base-user mailing list > Sec...@li... > https://lists.sourceforge.net/lists/listinfo/secureideas-base-user -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAksEFIcACgkQGDcWptZ2zmSlogCfS/SdSlikrCJ0y9g8iSXG7MjV WtUAniSTs4KVpPhAs/xotN4QTzhWwHGo =C963 -----END PGP SIGNATURE----- |