[BlueOnyx:05071] DFix 1.9 released

Greg Kuhnert gkuhnert at compassnetworks.com.au
Sun Jul 18 22:09:37 -05 2010


A new version of DFix is available today. The updated version is 
available for both BlueOnyx and BlueQuartz, but the new feature only 
helps BlueOnyx users.

In the past, DFix parsed /var/log/secure looking for hosts that were 
blocked by pam_abl. This method had some issues that have caused the 
"unable to block non-ip target" messages. There was a workaround to have 
a lower log level. Now, we have fixed the problem at the source. The new 
version of DFix pulls the list of bad hosts from the CCE database 
directly.

On the up side, this will totally eliminate the issues with "unable to 
block non IP target" errors (even with debug mode enabled). Also, DFix 
will ALWAYS block stuff that is blocked by pam_abl. (It didn't always 
catch it in the past.)

On the down side, the CCE database is updated from pam_abl data every 30 
minutes, so it will take longer to block stuff that has been detected by 
pam_abl. This is not a major problem, since pam_abl is still blocking 
and doing its thing. DFix is another layer on top of pam_abl that will 
block the traffic at a firewall level. We only really need this to help 
with "persistent" attacks anyway to help reduce system load, so the 30 
minute delay is acceptable.

Overall, I think this is still a better overall solution than the 
earlier versions. Enjoy.

Greg.

-- 
+---------------------------------------------------------------------+
|   / \   Greg Kuhnert, gkuhnert at compassnetworks.com.au               |
|<   o>  Compass Networks - Pointing you in the right direction      |
|   \ /   Come see us for BlueQuartz / BlueOnyx modules & Support.    |
+---------------------------------------------------------------------+
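The post describes the failure mode of the old log-parsing approach: a token pulled out of /var/log/secure that is not an IP address reaches the firewall step and produces an "unable to block non-ip target" error. The following is an added example, not DFix's own code and not anything shown in the post; it illustrates the defensive pattern of validating every extracted target before generating a firewall rule, so that a non-IP token is skipped and reported instead of breaking the run. The pam_abl log line format, the sample log content and the hypothetical `iptables` rule wording are all constructed assumptions for this example.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample of /var/log/secure lines. The pam_abl message wording here
# is an assumption for the example, not the real pam_abl format or DFix's input.
SAMPLE_SECURE_LOG = """\
Jul 18 21:55:01 host sshd[4321]: pam_abl[4321]: Blocking access from 203.0.113.45 to service sshd, user root
Jul 18 21:56:12 host sshd[4330]: pam_abl[4330]: Blocking access from badhost.example to service sshd, user admin
Jul 18 21:57:30 host sshd[4340]: pam_abl[4340]: Blocking access from 198.51.100.7 to service sshd, user test
Jul 18 21:58:00 host sshd[4350]: Accepted publickey for greg from 192.0.2.10 port 51234 ssh2
Jul 18 21:59:44 host sshd[4360]: pam_abl[4360]: Blocking access from 203.0.113.45 to service sshd, user oracle
"""

# Matches the (assumed) pam_abl "Blocking access from <target>" message and
# captures whatever token follows "from" - which may or may not be an IP.
BLOCK_RE = re.compile(r"pam_abl\[\d+\]: Blocking access from (\S+) ")


def parse_blocked_targets(log_text: str) -> Tuple[List[str], List[str]]:
    """Extract pam_abl block targets from log text.

    Returns (ips, skipped): a de-duplicated, order-preserving list of
    syntactically valid IPv4/IPv6 addresses, and a list of tokens that
    matched the block message but are not IP addresses (hostnames,
    garbage from a higher log level, and so on). Those are reported
    rather than passed on to the firewall step.
    """
    ips: List[str] = []
    skipped: List[str] = []
    seen = set()
    for line in log_text.splitlines():
        match = BLOCK_RE.search(line)
        if not match:
            continue  # unrelated line, e.g. a successful login
        target = match.group(1)
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            skipped.append(target)  # the "non-ip target" case
            continue
        canonical = str(addr)
        if canonical not in seen:
            seen.add(canonical)
            ips.append(canonical)
    return ips, skipped


def build_firewall_rules(ips: List[str]) -> List[str]:
    """Render one firewall rule string per validated address.

    The rule shape is a hypothetical iptables DROP rule chosen for this
    example; it is returned as text, not executed, so the caller decides
    how (and whether) to apply it.
    """
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    blocked, rejected = parse_blocked_targets(SAMPLE_SECURE_LOG)
    for rule in build_firewall_rules(blocked):
        print(rule)
    for token in rejected:
        print(f"skipped non-IP target: {token}")
```

Running the block on the constructed sample yields two DROP rules (the repeated 203.0.113.45 is emitted once) and one skipped token, `badhost.example`, which is exactly the kind of value that would otherwise surface as an "unable to block non-ip target" error.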