A new version of DFix is available today. The updated version is available for both blueonyx and bluequartz, but the new feature only helps blueonyx users.
In the past, DFix parsed /var/log/secure looking for hosts that were blocked by pam_abl. This method had some issues that has caused the "unable to block non-ip target" messages. There was a workaround to have a lower log level. Now, we have fixed the problem at the source. The new version of DFix dfix pulls the list of bad hosts from the CCE database directly. On the up side, this will totally eliminate the issues with "unable to block non IP target" errors. (Even with debug mode enabled). Also, DFix will ALWAYS block stuff that is blocked by pam_abl. (It didnt always catch it in the past). On the down side, the CCE database is updated from pam_abl data every 30 minutes, so it will take longer to block stuff that has been detected by pam_abl. This is not a major problem, since pam_abl is still blocking and doing its thing. DFix in another layer on top of pam_abl that will block the traffic at a firewall level. We only really need this to help with "persistent" attacks anyway to help reduce system load, so the 30 minute delay is acceptable. Overall, I think this is still a better overall solution than the earlier versions. Enjoy. Greg. -- +---------------------------------------------------------------------+ | / \ Greg Kuhnert, [email protected] | |< o> Compass Networks - Pointing you in the right direction | | \ / Come see us for BlueQuartz / BlueOnyx modules& Support. | +---------------------------------------------------------------------+ _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
