1. Prelude quick install

    To install Prelude, the Hybrid IDS (or Meta IDS) on Debian, on less than ten minutes, just use the packages:

    • install a database (PostgreSQL or MySQL)
    • install the Prelude manager, all needed packages will be installed automatically
    apt-get install prelude-manager
    • during the installation, dbconfig will ask to configure the database. Say yes, and give the parameters. dbconfig will create a new user, set a password, create the SQL schema and configure prelude-manager to use it.

    This should be enough for the manager. You will have to configure the listen address for the manager (the default is restricted to localhost) to listen on the network.

    To add agents (sensors), you have to install the package and register a new profile for each sensor.For ex:

    apt-get install prelude-lml
    apt-get install snort

    Create a new profile:

    prelude-admin register prelude-lml "idmef:w" <manager address> --uid 0 --gid 0
    prelude-admin register snort "idmef:w" <manager address> --uid 0 --gid 0

    Follow the instructions for the registration.

    Check the address of the manager in the config (global file is /etc/prelude/default/client.conf):

    server-addr =

    For a complete installation guide (with explanations) including the web interface Prewikka, look at the Prelude …

    read more
  2. fusil_0.7-1_amd64.changes ACCEPTED

    Fusil (http://fusil.hachoir.org) has been accepted into Debian.

    The description:

    Fusil is a fuzzing framework designed to expose bugs in software by
    changing random bits of its input.
    It helps to start process with a prepared environment (limit memory,
    environment variables, redirect stdout, etc.), start network client or
    server, and create mangled files. Fusil has many probes to detect
    program crash: watch process exit code, watch process stdout and syslog
    for text patterns (eg. "segmentation fault"), watch session duration,
    watch cpu usage (process and system load), etc.
    Fusil is based on a modular architecture. It computes a session score
    used to guess fuzzing parameters like number of injected errors to
    input files.

    read more
  3. https transport for apt

    Starting from Lenny, apt support the https transport for apt repositories.

    Before, this would give the error:

    # apt-get update
    E: The method driver /usr/lib/apt/methods/https could not be found.

    On Lenny (and unstable), install the apt-transport-https package:

    apt-get install apt-transport-https

    And https repositories will now work.

    This is no current backport for Etch on backports.org, because the hack for the transport is quite intrusive and require some deep modifications in the entire apt code. Maybe another site will propose it ?

    Note: it seems there is currently no way to check the certificate or configure trusted certificates. This is a good step towards security anyway. Remember: always use trusted repositories (signed with a trusted key - see man apt-key for more information).

    read more

« Page 2 / 2