Software-update: Suricata 5.0.1

Versie 5.0.1 van Suricata is uitgekomen. Suricata is een opensource-network intrusion detection system (IDS), intrusion prevention system (IPS) en network security monitoring engine. Het kan worden gebruikt om netwerkverkeer te monitoren en een systeembeheerder een waarschuwing te geven als er iets verdachts wordt gesignaleerd. De Open Information Security Foundation coördineert de ontwikkeling, met hulp van de community en diverse fabrikanten. De met het op json gebaseerd logsysteem Eve verzamelde data kan onder meer met Logstash worden gebruikt om zo informatie grafisch weer te geven. De changelog voor deze uitgave ziet er als volgt uit:

Suricata 5.0.1 released

We’re pleased to announce Suricata 5.0.1. This release fixes a number of issues found in the 5.0 branch. There are still a number of open issues that we are working on. See our 5.0.2 target here.

Changes

• Bug #1871: intermittent abort()s at shutdown and in unix-socket
• Bug #2810: enabling add request/response http headers in master
• Bug #3047: byte_extract does not work in some situations
• Bug #3073: AC_CHECK_FILE on cross compile
• Bug #3103: –engine-analysis warning for flow on an icmp request rule
• Bug #3120: nfq_handle_packet error -1 Resource temporarily unavailable warnings
• Bug #3237: http_accept not treated as sticky buffer by –engine-analysis
• Bug #3254: tcp: empty SACK option leads to decoder event
• Bug #3263: nfq: invalid number of bytes reported
• Bug #3264: EVE DNS Warning about defaulting to v2 as version is not set.
• Bug #3266: fast-log: icmp type prints wrong value
• Bug #3267: Support for tcp.hdr Behavior
• Bug #3275: address parsing: memory leak in error path
• Bug #3277: segfault when test a nfs pcap file
• Bug #3281: Impossible to cross-compile due to AC_CHECK_FILE
• Bug #3284: hash function for string in dataset is not correct
• Bug #3286: TCP evasion technique by faking a closed TCP session
• Bug #3324: TCP evasion technique by overlapping a TCP segment with a fake packet
• Bug #3328: bad ip option evasion
• Bug #3340: DNS: DNS over TCP transactions logged with wrong direction.
• Bug #3341: tcp.hdr content matches don’t work as expected
• Bug #3345: App-Layer: Not all parsers register TX detect flags that should
• Bug #3346: BPF filter on command line not honored for pcap file
• Bug #3362: cross compiling not affecting rust component of surrcata
• Bug #3376: http: pipelining tx id handling broken
• Bug #3386: Suricata is unable to get MTU from NIC after 4.1.0
• Bug #3389: EXTERNAL_NET no longer working in 5.0 as expected
• Bug #3390: Eve log does not generate pcap_filename when Interacting via unix socket in pcap processing mode
• Bug #3397: smtp: file tracking issues when more than one attachment in a tx
• Bug #3398: smtp: ‘raw-message’ option file tracking issues with multi-tx
• Bug #3399: smb: post-GAP some transactions never close
• Bug #3401: smb1: ‘event only’ transactions for bad requests never close
• Bug #3411: detect/asn1: crashes on packets smaller than offset setting
• Task #3364: configure: Rust 1.37+ has cargo-vendor support bundled into cargo.
• Documentation #2885: update documentation to indicate -i can be used multiple times
• Bundle Suricata-Update 1.1.1
• Bundle Libhtp 0.5.32

Logstash Kibana gevoed met informatie van Suricata met json-output.