
Recent package updates are making me nervous (Snort and Mod_Security)

A few weeks ago, I saw that snort needs to update to 2.8.4.1 (up from 2.6.1.3-r1), but with this update, it no longer has support for snortsam. This sucks! I posted a thread about this on the Gentoo forums, but no response yet. Because of this, I’m not updating my production boxes, which use snortsam as part of its IPS. On a box that was running just snort, I had trouble getting it started. The whole thing left an unpleasant taste in my mouth.

Here are some relevant links about this:

http://forums.gentoo.org/viewtopic-t-764081-highlight-snort.html
http://bugs.gentoo.org/245752


This morning I saw that mod_security wants to be updated. This looks to be a serious version change, going from 2.1.2 to 2.5.9. I went ahead and updated this on two development servers. The rules changed, but other than that the upgrade went smoothly. I’ll observe the behaviour and logs on these development boxes for a few days before pushing the changes to the production server. I’ve run into problems in the past with squid proxies interfacing with mod_security’s file upload handling. Hopefully, these are all addressed now in 2.5.4.