Revision: 2795
http://ipcop.svn.sourceforge.net/ipcop/?rev=2795&view=rev
Author: eoberlander
Date: 2009-05-05 11:27:03 +0000 (Tue, 05 May 2009)
Log Message:
-----------
Remove section on IDS, and references to IDS, from 2.0 Admin Manual.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/images/info-inodes.png
IPCopDoc/trunk/en/admin/images/infodisk.png
IPCopDoc/trunk/en/admin/images/infokern.png
IPCopDoc/trunk/en/admin/images/services.png
IPCopDoc/trunk/en/admin/xml/home.xml
IPCopDoc/trunk/en/admin/xml/introduction.xml
IPCopDoc/trunk/en/admin/xml/logs.xml
IPCopDoc/trunk/en/admin/xml/preface.xml
IPCopDoc/trunk/en/admin/xml/services.xml
Modified: IPCopDoc/trunk/en/admin/images/info-inodes.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/infodisk.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/infokern.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/images/services.png
===================================================================
(Binary files differ)
Modified: IPCopDoc/trunk/en/admin/xml/home.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/home.xml 2009-05-05 10:30:49 UTC (rev
2794)
+++ IPCopDoc/trunk/en/admin/xml/home.xml 2009-05-05 11:27:03 UTC (rev
2795)
@@ -94,7 +94,7 @@
Configuration/Administration of your IPCop server's
Virtual Private Network settings and options.</para></listitem>
<listitem><para><guimenuitem>Logs:</guimenuitem>
- View all your IPCop server's logs (firewall, IDS,
+ View all your IPCop server's logs (firewall, proxy,
etc.)</para></listitem>
</itemizedlist>
Modified: IPCopDoc/trunk/en/admin/xml/introduction.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/introduction.xml 2009-05-05 10:30:49 UTC
(rev 2794)
+++ IPCopDoc/trunk/en/admin/xml/introduction.xml 2009-05-05 11:27:03 UTC
(rev 2795)
@@ -74,8 +74,8 @@
</para>
<para>
Now, after almost two and a half years, the first major overhaul of
IPCop has been released.
- With it, a lot of cool things have been added; quad network support,
intrusion detection on
- all networks and a slick new interface, to name a few.
+ With it, a lot of cool things have been added; quad network support
+ and a slick new interface, to name a few.
</para>
<para>
And so again, Welcome to IPCop!
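Review bot: In the rewritten sentence "a lot of cool things have been added; quad network support and a slick new interface, to name a few", the semicolon that introduces the list should be a colon, and "to name a few" reads oddly now that only two items remain. Consider "added, including quad network support and a slick new interface".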
@@ -194,11 +194,6 @@
</listitem>
<listitem>
<para>
- Intrusion Detection for ALL networks (RED, ORANGE, BLUE
and GREEN)
- </para>
- </listitem>
- <listitem>
- <para>
Virtual Private Network (VPN) to allow multiple sites to
act as single large network.
</para>
</listitem>
Modified: IPCopDoc/trunk/en/admin/xml/logs.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/logs.xml 2009-05-05 10:30:49 UTC (rev
2794)
+++ IPCopDoc/trunk/en/admin/xml/logs.xml 2009-05-05 11:27:03 UTC (rev
2795)
@@ -41,12 +41,6 @@
</listitem>
<listitem>
<para>
- <link linkend="section-logs-ids">
- <guimenuitem>IDS Logs</guimenuitem></link>
- </para>
- </listitem>
- <listitem>
- <para>
<link linkend="logs-system">
<guimenuitem>System Logs</guimenuitem></link>
</para>
@@ -57,12 +51,11 @@
<sect2 id="log_intro">
<title>Introduction</title>
<para>
- The Logs web pages consist of five or six sub-pages -
+ The Logs web pages consist of five sub-pages -
<guisubmenu>Log Settings</guisubmenu>,
<guisubmenu>Log Summary</guisubmenu>,
<guisubmenu>Proxy Logs</guisubmenu>,
- <guisubmenu>Firewall Logs</guisubmenu>,
- <guisubmenu>IDS Logs</guisubmenu> (if enabled) and
+ <guisubmenu>Firewall Logs</guisubmenu> and
<guisubmenu>System Logs</guisubmenu>.
These share a common set of interface features to
select the log information to be displayed, and to
@@ -363,98 +356,6 @@
</para>
</sect2>
- <sect2 id="section-logs-ids">
- <title>
- Intrusion Detection System Log Page
- </title>
- <para>
- This page shows incidents detected by the IPCop
- Intrusion Detection System (IDS). The IDS system is
- inactive after first installation of IPCop, and may be
- activated (and deactivated) through a specific
- administration page (<guimenu>Services</guimenu> >
- <guimenu>Intrusion Detection</guimenu>).
- </para>
- <para>
- The controls on this page are the basic
- <guilabel>Month</guilabel>,
- <guilabel>Day</guilabel>,
- <guilabel><<</guilabel> (Day before),
- <guilabel>>></guilabel> (Day after),
- <guibutton>Update</guibutton> and
- <guibutton>Export</guibutton> buttons that
- are described in detail at the beginning of this
- Section. These allow you to examine the IDS Logs for a
- specific day. These Logs consist of a number of items
- for each detected incident:
- </para>
-
- <itemizedlist>
- <listitem>
- <para>The <guilabel>Date:</guilabel> and time of
- the incident.</para>
- </listitem>
- <listitem>
- <para><guilabel>Name:</guilabel> - a description
- of the incident.</para>
- </listitem>
- <listitem>
- <para><guilabel>Priority:</guilabel> (if
- available). This is the severity of the incident,
- graded as 1 ("bad"), 2 ("not too bad"), & 3
- ("possibly bad").</para>
- </listitem>
- <listitem>
- <para><guilabel>Type:</guilabel> - a general
- description of the incident (if available).</para>
- </listitem>
- <listitem>
- <para><guilabel>IP Info:</guilabel> - the IP
- identities (address & port) of the source and
- target involved in the incident. Each IP address
- is a hyperlink, which you can use to perform a DNS
- lookup for that IP address and obtain any
- available information about its registration and
- ownership.</para>
- </listitem>
- <listitem>
- <para><guilabel>References:</guilabel> -
- hyperlinked URLs to any available sources of
- information for this type of incident.</para>
- </listitem>
- <listitem>
- <para><guilabel>SID:</guilabel> - the Snort ID
- number (if available). "Snort" is the software
- module used by IPCop to provide the IDS function,
- and SID is the ID code used by the Snort module to
- identify a particular pattern of attack. This
- parameter is hyperlinked to a web page carrying
- the relevant entry on the Snort database of
- intrusion signatures.</para>
- </listitem>
- </itemizedlist>
- <para>
- <figure id="v190.logs.005">
- <title>IDS Log Output</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref=
- "&imagepath;idslog.&imageext;" format="PNG"
- contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref=
- "&imagepath;idslog.&imageext;" format="PNG"
- align="center"/>
- </imageobject>
- <textobject>
- <phrase>IDS Log</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- </sect2>
-
<sect2 id="logs-system">
<title>
System Log Page
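Review bot: Removing <sect2 id="section-logs-ids"> drops an id that other files may still target. This commit removes only the linkend in the logs.xml menu list, so search the rest of the manual for linkend="section-logs-ids" before building, because a dangling linkend fails DocBook validation. The idslog image referenced by the removed figure is also not deleted in this revision (the commit lists only modified paths), so it stays behind unreferenced.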
@@ -544,12 +445,6 @@
</listitem>
<listitem>
<para>
- <guilabel>Snort</guilabel> - shows a log of
- activity for Snort, the Intrusion Detection System.
- </para>
- </listitem>
- <listitem>
- <para>
<guilabel>SSH</guilabel> - provides a record
of users who have logged in to, and out of the
IPCop server over a network via the SSH
Modified: IPCopDoc/trunk/en/admin/xml/preface.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/preface.xml 2009-05-05 10:30:49 UTC (rev
2794)
+++ IPCopDoc/trunk/en/admin/xml/preface.xml 2009-05-05 11:27:03 UTC (rev
2795)
@@ -7,7 +7,7 @@
>
<preface id="preface">
<title>Preface</title>
- <sect1 id="rightsndiscaimers">
+ <sect1 id="rightsndisclaimers">
<title>Rights and Disclaimers</title>
<para>IPCop is Copyright the IPCop Linux Group.</para>
<para>IPCop Linux is published under the GNU General Public
License. For more
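Review bot: The id change on <sect1> from rightsndiscaimers to rightsndisclaimers is unrelated to the IDS removal and is not mentioned in the log message; it belongs in its own commit or at least in the message. Renaming an id breaks any existing linkend or xref that uses the old spelling, and no other file in this diff is updated for it, so check the manual for remaining references to rightsndiscaimers.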
@@ -81,4 +81,4 @@
</ulink>
</para>
</sect1>
-</preface>
\ No newline at end of file
+</preface>
Modified: IPCopDoc/trunk/en/admin/xml/services.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/services.xml 2009-05-05 10:30:49 UTC (rev
2794)
+++ IPCopDoc/trunk/en/admin/xml/services.xml 2009-05-05 11:27:03 UTC (rev
2795)
@@ -40,13 +40,9 @@
<para><link linkend="services_shaping"><guimenuitem>Traffic
Shaping</guimenuitem></link>
</para>
</listitem>
- <listitem>
- <para><link linkend="services_ids"><guimenuitem>Intrusion
Detection System</guimenuitem></link>
- </para>
- </listitem>
</itemizedlist>
- In a larger network it is likely that these services will be provided
by dedicated
- servers and should be disabled here.
+ In a larger network it is likely that some of these services will be
+ provided by dedicated servers and should be disabled here.
</para>
<sect2 id="services_webproxy">
<title>Web Proxy Administrative Web Page</title>
@@ -982,12 +978,12 @@
</para>
<para>
Follow their instructions on how to use country zones (for example
- 0.us.pool.ntp.org) rather than the global zone (0.pool.ntp.org),
to further
+ <userinput>0.us.pool.ntp.org</userinput>) rather than the global
zone (<userinput>0.pool.ntp.org</userinput>), to further
improve efficiency.
</para>
<para>
In January 2008 the IPCop vendor pool became available. Please
- use 0.ipcop.pool.ntp.org 1.ipcop.pool.ntp.org or
2.ipcop.pool.ntp.org
+ use <userinput>0.ipcop.pool.ntp.org
1.ipcop.pool.ntp.org</userinput> or <userinput>2.ipcop.pool.ntp.org</userinput>
instead of the previous default zone names.
</para>
<para>
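Review bot: The second added line wraps two host names in a single element, <userinput>0.ipcop.pool.ntp.org 1.ipcop.pool.ntp.org</userinput>, while 2.ipcop.pool.ntp.org gets its own. Give each host name its own <userinput> so the three render consistently and a reader does not enter both names as one value. This markup change is also unrelated to the IDS removal in the log message and would be easier to review as a separate commit.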
@@ -1122,76 +1118,5 @@
Depending on your usage, you will undoubtedly want to rearrange
your choices of
high, medium and low priority traffic.
</para>
- </sect2><sect2 id="services_ids">
- <title>Intrusion Detection System Administrative Web Page</title>
- <para>
- IPCop contains a powerful intrusion detection system, Snort, which
analyses the contents
- of packets received by the firewall and searches for known
signatures of malicious activity.
- </para><para>
- Snort is a passive system which requires management by the
- User. You need to monitor the logs, and interpret the
- information. Snort only logs suspicious activity, so if
- you need an active system, consider
- <filename>snort_inline</filename> or the
- <filename>guardian</filename> addon.
- </para><para>
- You should also note that Snort is memory hungry, with
- newer versions using about 80Mb per interface. This
- depends in part on the ruleset used, and can be reduced
- by selection of the rules used.
- </para><para>
- <figure id="v140.services.011">
- <title>Intrusion Detection Settings</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;ids.&imageext;"
format="PNG" contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;ids.&imageext;"
format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>IDS Web Page</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para><para>
- IPCop can monitor packets on the Green, Blue, Orange and Red
interfaces. Just tick the relevant
- boxes and click the <guilabel>Save</guilabel> button.
- </para>
- <sect3 id="services_ids_update">
- <title>Snort rules update</title>
- <para>
- A standard installation of IPCop comes with a set
- of Snort's default rules. As more attacks are
- discovered, the rules Snort uses to recognize them
- will be updated. To utilize Sourcefire VRT Certified
- rules you need to register on Snort's website
- <ulink url="http://www.snort.org/">www.snort.org</ulink>
- and obtain an <quote>Oink Code</quote>.
- </para>
- <para>
- Select the correct radio button, add your Oink Code
- and click the <guilabel>Save</guilabel> button
- <emphasis>before</emphasis>
- your first attempt to download a ruleset.
- </para>
- <para>
- Then, click the
- <guilabel>Refresh update list</guilabel> button,
- followed by the
- <guilabel>Download new ruleset</guilabel> button,
- and finally click
- <guilabel>Apply now</guilabel>.
- </para>
- <para>
- After a successful operation the date and time will
- be displayed beside each button.
- </para>
- <para>
- The final button -
- <guilabel>Read last ruleset installation log</guilabel>
- - will display the last installation log.
- </para>
- </sect3>
</sect2>
</sect1>
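Review bot: The removed block deletes the ids services_ids and services_ids_update and the figure v140.services.011. The menu link to services_ids is removed earlier in this file, but nothing in the diff shows a check for references to services_ids_update or to the figure id from other chapters, so search for those before building. The ids image used by the removed figure is not deleted in this revision either and should be removed along with idslog if nothing else uses it.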
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn