[7.910][BUG][FIXED] IPS updates still produce timeouts?

Hi there,

I just got the time to test the actual release a bit and realized that changes to the IPS still let the astaro go down for more than a minute - I thought that this has been changed in v.8 beta already?

It doesn't matter if I disable a rule (that produces false positives) or if I activate some more attack patterns. So my thought about this is that updates to already activated (sets of) patterns also have to cause connection-disruptions.

Did I get that wrong? Isn't this "fix" already implemented?

Thanks for clarifying that point for me [:)]

Best regards,
t-work

Parents

0 kbr over 15 years ago

Why? The strong words are directed to the bug, not the forum... ;-)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 67ef1d over 15 years ago in reply to kbr
Could you please try this:

Open /var/chroot-snort/etc/snort/snort.conf-default in a text editor, find the line that starts
with

preprocessor ssl: ports { 443 465 563 636 ...

and move that line further down (i suggest inserting it before line that reads
"# Output plugins").

This "fixes" the issue for me. You may have to repeat the same step with snort.conf as well.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 67ef1d over 15 years ago in reply to kbr
Could you please try this:

Open /var/chroot-snort/etc/snort/snort.conf-default in a text editor, find the line that starts
with

preprocessor ssl: ports { 443 465 563 636 ...

and move that line further down (i suggest inserting it before line that reads
"# Output plugins").

This "fixes" the issue for me. You may have to repeat the same step with snort.conf as well.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data