Source: NuFW

NuFW is an extensive firewall that can filter each connection based on the user's rights and the operating system in use. It uses an LDAP server to check the assigned rights and Netfilter to apply the configured filtering. For more information about NuFW, see this page. The developers have started work on version 2.0, and the second beta version has recently become available. The announcement, including the list of changes, reads as follows:

Version 2.0 beta 2:

NuFW 2.0 beta2 is ready. A couple of notable bugfixes:
  • nuauth : fixed period handling on reload
  • nuauth : fixed incorrect logging of established packets (they were marked as UNAUTHENTICATED DROP)
  • nuauth: fixed a bug in policy test
  • fixes in the Makefile.am files, that were reluctant to some configuration
Version 2.0 beta 1:

The NuFW Core Team is proud to announce the availability of NuFW 2.0-beta1. This new release adds a bunch of new exciting functionalities:
  • Support of ICMP Reject message : user can now be warned when a packet has been blocked by NuFW.
  • Expiration of connections and TRUE time based acls : one can now define a 8am-6pm time period and link it with an acl. Connections can start during this interval and are automatically killed at 6pm.
  • Better X509 support thanks to Eole sponsoring.
  • Support of multiple iterations of a module, each iteration with a specific config file : nuauth can log in two different MySQL databases for example, or get auth from two distinct LDAP directories...
  • Better libnuclient : It now has an error handling structure.
  • More endian friendly protocol between client and nuauth
  • Massive code cleaning and documentation (written by and for developers but existing anyway ;-)
Extensive changelog is as follows:
  • nuauth : bugfix on the PostgreSQL log module thanks to Julian Reich
  • nuauth : fix bug in max client number test
  • nuauth|nufw : really close socket in all cases now
  • nuauth : certificate checking improvement
  • nuauth : separate sasl and tls code
  • nufw: cleaning of tls end of session
  • libnuclient : introduce nu_client_global_init to avoid multiple global initialisation of gnutls and sasl
  • define protocol version 3 : protocol version 2 with a fix on endianness
  • nuauth : fix crash when multiple logging modules are used (if one of them is mysql)
  • libnuclient : free connection table
  • libnuclient : fix multithreaded code
  • nuauth: store user identifiers in 32 bits (and not 16), but still send user ID in 16 bits to nufw (with a warning)
  • new configure option: --with-perf-display, display benchmark of user authentication
  • nuauth: fixes about buffer underflow, check that received packets are big enough before casting them to structure
  • nufw and nuauth: fix possible buffer overflow : replace strncpy with the new macro SECURE_STRNCPY which always writes '\0' on last position, and replace call like sscanf(..., "%10s", ...) with SECURE_STRNCPY
  • nufw: whole code is documented using doxygen syntax
  • nufw and nuauth: use shorter syntax to display debug messages
  • nufw and nuauth: fixes to make them compile in strict ANSI mode with gcc (using -ansi option)
  • nufw and nuauth: fix memory leaks, some of them detected with the great tool Valgrind
  • nuauth: reorganize source code, split big functions in small sub-functions and move some functions in new files
  • nufw and nuauth: remove dead code and unused variables/macros
  • nufw and nuauth: use more explicit names for variables and structures, rename for example 'c' to 'socket'
  • nuauth, module script: fix a security bug, quote script arguments
  • small changes to make flawfinder and rats tools happy
  • replace obsolete usleep() with nanosleep()
  • Introduce lock in tls code because gnuTLS is NOT really threadsafe (does NOT support thread sending on the same TLS session)
  • stronger security in mysql and postgresql modules: use secure_sprintf() instead of classic sprintf() and quote all user strings
  • stronger security in script module: quote all arguments
  • fix some minor bugs detected by Valgrind
  • check inet_ntop() and inet_addr() errors
  • small changes to make nufw and nuauth source code ANSI C compliant
  • fix gcc compilation flags: use -O0 in bug mode instead of -O2, and detect all warnings with -Wextra (or -W for gcc < 4.0)
  • use pointer and not object during logging
  • bugfix: nuauth: don’t crash anymore if configuration file doesn’t exist
  • nuauth: fix gnutls problem (multithread writing and reading)
  • nuauth: multiple modules with separate conf
  • nuauth: stop threads (and thread pools) before exiting NuAuth. Use a mutex to ask a thread to stop. Each thread uses timeout of one second, and doesn’t use any blocking function anymore (use function with timeout instead: eg. use g_async_queue_timed_pop() instead of g_async_queue_pop())
  • nuauth: port of system_convert_username_to_lowercase option (from 1.0)
  • NuFW : ICMP reject via decision 3.
  • xml_defs : new module for periods definition
  • nuauth : add nuauth_module_certificate_check and nuauth_module_certificate_to_uid configuration variables (work sponsored by EOLE)
  • x509_std : new module with standard check and function for nuauth_module_certificate_check and nuauth_module_certificate_to_uid
  • nuauth : modify config file parsing to avoid memory leak
  • nuauth : add option nuauth_debug_area to be able to specify logging area
  • nuauth: add Prelude IDS module which can log packet events and user session.
  • nuauth : new nuauth_reject_authenticated_drop option to choose if we drop or reject ACL that match IPV4 header but when user is not in the group.
  • nuauth : period checking is now done in main code (not in module anymore) to avoid problem with cache.
  • move conffile.h from src/nuauth/include to src/nuauth and suppress src/nuauth/include
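
Added example, not NuFW code: an illustration in C of two memory-safety fixes listed in the changelog above, a bounded copy that always writes the terminator where plain strncpy() may not, and a size check before a received packet is read as a structure. The `demo_header` layout and all function names are assumptions made for this illustration; NuFW's own SECURE_STRNCPY macro and protocol structures are not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 4-byte wire header, constructed for this example. */
struct demo_header {
    uint8_t  version;
    uint8_t  msg_type;
    uint16_t length;            /* total message length, big-endian on the wire */
};

/* Returns 1 when plain strncpy() leaves an 8-byte buffer unterminated. */
static int strncpy_unterminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst));     /* writes no '\0' if strlen(src) >= 8 */
    return memchr(dst, '\0', sizeof(dst)) == NULL;
}

/* Bounded copy that always writes '\0' in the last position. */
static char *copy_terminated(char *dst, const char *src, size_t dstsize)
{
    if (dstsize > 0) {
        strncpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
    }
    return dst;
}

/* Check the received size before reading header fields: 0 = ok, -1 = reject. */
static int parse_header(const unsigned char *buf, size_t len, struct demo_header *out)
{
    if (buf == NULL || out == NULL || len < 4)
        return -1;                      /* too short to hold a header */
    out->version  = buf[0];
    out->msg_type = buf[1];
    out->length   = (uint16_t)((buf[2] << 8) | buf[3]);
    if (out->length < 4 || out->length > len)
        return -1;                      /* declared length exceeds what arrived */
    return 0;
}

int main(void)
{
    char name[4];
    printf("strncpy unterminated: %d\n", strncpy_unterminated("0123456789"));
    printf("bounded copy: %s\n", copy_terminated(name, "toolong", sizeof(name)));
    return 0;
}
```

Reading the header field by field from the byte buffer also avoids the alignment and endianness assumptions that a direct pointer cast would carry.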
© 1998 - 2016 de Persgroep Online Services B.V. Tweakers, together with Autotrack and Carsom.nl among others, forms de Persgroep Online Services B.V. Hosting by True