Tag Archives: suricata

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/748073/rss

Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel).

[$] Using eBPF and XDP in Suricata

Post Syndicated from jake original https://lwn.net/Articles/737771/rss

Much software that uses the Linux kernel does so at comparative
arms-length: when it needs the kernel, perhaps for a read or write, it
performs a system call, then (at least from its point of view) continues
operation later, with whatever the kernel chooses to give it in reply. Some
software, however, gets pretty intimately involved with the kernel as part
of its normal operation, for example by using eBPF for low-level packet
processing. Suricata is such a program; Eric Leblond
spoke about it at Kernel Recipes 2017 in a talk entitled “eBPF and XDP
seen from the
eyes of a meerkat”.

Suricata 4.0 released

Post Syndicated from jake original https://lwn.net/Articles/729064/rss

Version 4.0 of the Suricata intrusion detection system (IDS) and network security monitor (NSM) has been released. The release has improved detection for threats in HTTP, SSH, and other protocols, improvements to TLS, new support for NFS, additions to the extensible event format (EVE) JSON logging, some parts have been implemented in Rust, and more. “This is the first release in which we’ve implemented parts in the Rust
language using the Nom parser framework. This work is inspired by Pierre
Chiffliers’ (ANSSI), talk at SuriCon 2016 (pdf). By compiling with
–enable-rust you’ll get a basic NFS parser and a re-implementation of
the DNS parser. Feedback on this is highly appreciated. The Rust support is still experimental, as we are continuing to explore
how it functions, performs and what it will take to support it in the
community. Additionally we included Pierre Chiffliers Rust parsers work.
This uses external Rust parser ‘crates’ and is enabled by using
–enable-rust-experimental. Initially this adds a NTP parser.

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/716538/rss

Security updates have been issued by Debian (texlive-base), Fedora (cacti, drupal7-metatag, freeipa, mingw-gtk-vnc, suricata, and xen), Oracle (kvm), Red Hat (java-1.8.0-ibm and kvm), Scientific Linux (kvm), Slackware (firefox and thunderbird), SUSE (qemu), and Ubuntu (firefox, imagemagick, kernel, linux, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux, linux-ti-omap4, linux-hwe, linux-lts-trusty, linux-lts-xenial, and network-manager-applet).

Pulled Pork – Suricata & Snort Rule Management

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/P3y3DA2rV1o/

Pulled Pork is a PERL based tool for Suricata and Snort rule management – it can determine your version of Snort and automatically download the latest rules for you. The name was chosen because simply speaking, it Pulls the rules. Using a regular crontab you can keep your Snort or Suricata rules up to date […]

The post Pulled Pork –…

Read the full post at darknet.org.uk