Date: 01 Aug 2002 20:01:57 +0200
From: Yoann Vandoorselaere <yoann@prelude-ids.org>
To: prelude-user@prelude-ids.org
Cc: prelude-devel@prelude-ids.org
Subject: [ANNOUNCEMENT]: Prelude Hybrid IDS suite 0.8.0 released
Message-ID: <1028224917.15453.101.camel@alph>
Prelude... before the tempest.

======[ Prelude Hybrid IDS suite 0.8.0 released ]======

The Prelude team is pleased to announce the public release of version 0.8.0 of the Prelude Hybrid Intrusion Detection System.

------[ What is Prelude IDS ? ]------

Prelude is a new, innovative hybrid intrusion detection system designed to be very modular, distributed, rock solid and fast. Prelude was started in 1998 as a network intrusion detection system, coded entirely from scratch. Recently the project has evolved towards a fully hybrid intrusion detection system, integrating both network- and host-based intrusion detection techniques.

Currently the main development platforms are Linux and FreeBSD on x86. It has also been tested on Linux on PPC, Alpha, IA-64 (Itanium) and Sparc hardware platforms. It should also work with other *BSD systems.

Prelude is licensed under the terms of the GNU General Public License version 2.

The Prelude website is located at http://www.prelude-ids.org/

------[ What's new since 0.4.2 ? ]------

Hybrid means that Prelude now acts as both a network IDS and a host-based IDS. To achieve this goal, components have been split and reorganized to give an even more modular and distributed design. The new component scheme is described in the Documentation section of the Prelude website.

The new Prelude release as well as the release notes are available from the Download page. A description of the changes since version 0.4.2 is given below for each module.

Watch out, here we come.

------[ Prelude IDS 0.8.0 components ]------

*** Libprelude

* Description:

Prelude Library is a collection of generic functions providing communication between the Prelude Hybrid IDS suite's components. It provides a convenient interface for sending alerts to Prelude Manager with transparent SSL, fail-over and replication support, asynchronous event and timer interfaces, an abstracted configuration API (hooking at command line, configuration line or wide configuration, available from the Manager) and a generic plugin API. By using libprelude, you can easily turn your favorite security program into a Prelude sensor.

* Changes since last version:

Initial release. Work has been done towards good portability and sharing of functionality between Prelude sensors.

*** Prelude NIDS

* Description:

Prelude NIDS is the network-based sensor program of the Prelude Hybrid IDS suite. It provides network monitoring along with fast pattern matching (Boyer-Moore only currently) in order to detect attacks against your network. It includes advanced mechanisms such as a generic signature engine which is able to understand any ruleset as long as there is a dedicated parser (Snort only currently); protocol and detection analysis plugins featuring Telnet, RPC, HTTP and FTP decoding; and preprocessors for cross-platform polymorphic shellcode detection, ARP misuse detection and scanning detection. It completely supports IP fragmentation and TCP segmentation to track connections and detect stateful events.

* Changes since last version:

  * TCP stream reassembly (proof against fragroute and stick/snot attacks);
  * HTTP IIS Unicode and UTF-8 support;
  * Polymorphic shellcode detection;
  * TCP/IP checksums;
  * Support for the latest Snort ruleset;
  * Handles rule rev, content-list, and sid;
  * IDMEF Alert carries more information about the analyzer, alert severity, etc.;
  * IDMEF Heartbeat support;
  * Promiscuous mode can be disabled;
  * Proper implementation of the pcap zero copy patch;
  * Avoid polling the capture device when possible;
  * Capture from Linux cooked devices;
  * Ported to *BSD systems, corrected handling of memory alignment and endianness issues (works gracefully on non-x86 architectures).

*** Prelude Manager

* Description:

Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server handling connections from the different sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or in any format supported by reporting plugins (MySQL, PostgreSQL and simple text plugins currently), thus providing centralized logging and analysis. It also provides relaying capabilities for fail-over and replication. The IDMEF standard is used for alert representation. Support for filtering plugins allows you to hook into different places of the Manager to define custom criteria for alert relaying and logging.

* Changes since last version:

  * Previously known as Prelude Report Server;
  * High performance sensor server;
  * Thread-safe SSL support;
  * Support for PostgreSQL and MySQL databases;
  * Support for filtering plugins;
  * Relaying between managers;
  * IDMEF compatibility;
  * Ported to *BSD systems, corrected handling of memory alignment and endianness issues (works gracefully on non-x86 architectures).

*** Prelude LML

* Description:

Prelude LML (Log Monitoring Lackey) is the host-based sensor program of the Prelude Hybrid IDS suite. It can act as a centralized log collector for local or remote systems, or as a simple log analyzer (such as swatch). It can run as a network server listening on the syslog port or analyze log files. It supports logfiles in the BSD syslog format and is able to analyze any logfile by using the powerful PCRE library. It can also apply logfile-specific analysis through plugins such as PAX. The current signature ruleset supports FreeBSD's IPFW logs, Linux 2.4's NetFilter logs, Cisco and Zyxel routers' logs, GrSecurity's logs, PaX's logs and common Unix logfiles. Finally, it sends an alert to the Prelude Manager when a suspicious log entry is detected.

* Changes since last version:

Initial release.
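To make the LML pipeline described above concrete (parse BSD syslog lines, run regex signatures over them, emit an alert record for the manager), here is a small self-contained Python sketch. It is an added example and not Prelude's code: the signature names and patterns, the `Alert` record, the `example-lml` analyzer name and the sample log lines are all constructed for this illustration, and the alert is only serialized to a dict rather than sent to a manager.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# BSD syslog header (RFC 3164 style): "Mon dd hh:mm:ss host prog[pid]: message".
BSD_SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Hypothetical signature set in the spirit of LML's PCRE rules. The names,
# patterns and severities are this example's own, not Prelude's ruleset.
# "prog" restricts a rule to one logging program so a pattern cannot fire
# on an unrelated message that happens to look similar.
SIGNATURES = [
    {
        "name": "IPFW deny", "prog": "ipfw", "severity": "medium",
        "regex": re.compile(
            r"^(?P<rule>\d+) Deny (?P<proto>\w+) "
            r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
        ),
    },
    {
        "name": "NetFilter drop", "prog": "kernel", "severity": "medium",
        "regex": re.compile(
            r"IN=(?P<iface>\S*) .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
            r".*PROTO=(?P<proto>\w+)(?: SPT=(?P<sport>\d+) DPT=(?P<dport>\d+))?"
        ),
    },
    {
        "name": "SSH authentication failure", "prog": "sshd", "severity": "low",
        "regex": re.compile(
            r"Failed password for (?:invalid user )?(?P<user>\S+) "
            r"from (?P<src>[\d.]+) port (?P<sport>\d+)"
        ),
    },
]


@dataclass
class Alert:
    """Minimal IDMEF-like alert: who detected what, where, from whom."""
    analyzer: str
    classification: str
    severity: str
    timestamp: str
    host: str
    source: Optional[str]
    target: str
    raw: str
    detail: dict = field(default_factory=dict)

    def to_message(self) -> dict:
        # Flat dict standing in for what a sensor would hand to the manager.
        return {"analyzer": self.analyzer, "classification": self.classification,
                "severity": self.severity, "time": self.timestamp,
                "source": self.source, "target": self.target, "detail": self.detail}


def parse_syslog(line: str) -> Optional[dict]:
    """Split one BSD syslog line into its header fields; None if it has no header."""
    m = BSD_SYSLOG.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def analyze(lines, analyzer: str = "example-lml"):
    """Run every signature over each parsed line; return (alerts, unparsed lines)."""
    alerts, unparsed = [], []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:            # keep, do not silently drop, lines we cannot parse
            unparsed.append(line)
            continue
        for sig in SIGNATURES:
            if sig.get("prog") and rec["prog"] != sig["prog"]:
                continue
            m = sig["regex"].search(rec["msg"])
            if not m:
                continue
            detail = {k: v for k, v in m.groupdict().items() if v is not None}
            alerts.append(Alert(
                analyzer=analyzer, classification=sig["name"], severity=sig["severity"],
                timestamp=rec["ts"], host=rec["host"], source=detail.get("src"),
                # a host-based event with no explicit destination targets the logging host
                target=detail.get("dst", rec["host"]), raw=line, detail=detail))
            break                  # first matching signature wins (rule order matters)
    return alerts, unparsed


# Constructed sample log lines, not captured from a real system.
SAMPLE_LOG = [
    "Aug  1 20:01:57 alph ipfw: 100 Deny TCP 10.0.0.7:4321 192.168.1.10:22 in via fxp0",
    "Aug  1 20:02:03 alph kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=192.168.1.10 PROTO=TCP SPT=5555 DPT=23",
    "Aug  1 20:02:10 alph sshd[2231]: Failed password for root from 10.0.0.9 port 40022 ssh2",
    "Aug  1 20:02:15 alph cron[2240]: (root) CMD (run-parts /etc/cron.hourly)",
    "garbage line without syslog header",
]

if __name__ == "__main__":
    found, skipped = analyze(SAMPLE_LOG)
    for a in found:
        print(a.to_message())
    print("unparsed:", skipped)
```

Running it over the constructed sample yields three alerts (IPFW deny, NetFilter drop, SSH authentication failure), ignores the benign cron entry, and reports the header-less line as unparsed rather than dropping it, which is the behaviour you want from a collector that may later be fed malformed or truncated input.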
*** Prelude PHP Frontend

* Description:

Prelude PHP Frontend is a web-based administrative console for the Prelude Hybrid IDS suite. It is a collection of PHP scripts based on Apache with mod_php and on the AdoDB and PHPlot libraries. It can access alerts stored in the database using standard SQL queries, locally or remotely. You can then visualize IDMEF alerts and generate charts and statistics. The frontend also provides simple manual forensic analysis and correlation capabilities by using visualization filters.

* Changes since last version:

Initial release.

------[ Getting the release ]------

Prelude IDS 0.8.0 can be downloaded from our website:
http://www.prelude-ids.org/index.php?page=12

*** Release files MD5 sums

5295bdd47350cc52a9ff2bd8224a6c3d  libprelude-0.8.0.tar.gz
9a37078364e35622ee6378e5efeb870a  prelude-lml-0.8.0.tar.gz
a4d96266d058d88c47eb539c20004b0f  prelude-manager-0.8.0.tar.gz
29763787d403bfd380048b2c82402272  prelude-nids-0.8.0.tar.gz
9ed057651102146e5de36c990474eeff  prelude-php-frontend-0.8.0.tar.gz

------[ Credits for this release ]------

* Yoann Vandoorselaere (Main developer / project author - Prelude-NIDS, Prelude-Manager, Prelude-LML, Libprelude)
* Gilles Seguin (Prelude PHP Frontend)
* Vincent Geay (Prelude PHP Frontend)
* Alexandre Launay (Prelude-LML : Prelude Log Monitoring Lackey)
* Pierre-Jean Turpeau (Prelude-LML : Prelude Log Monitoring Lackey)
* Krzysztof Zaraska (FreeBSD port, bugfixes, Manager debugging plugin)
* Sylvain Gil (Makefile / Autoconf subsystem work, Database plugins support)
* Laurent Oudot (Tcp Window key support, Database IDMEF support, frontend work)
* Vincent Glaume (TCP stream reassembly work, TCP/IP checksum, bugfixes)
* Baptiste Malguy (bugfixes, flex work, db work, counter measure work)
* Arnaud Guignard (Prelude-LML signature engine work)
* Philippe Biondi (Libqsearch implementation)

------[ Contributors ]------

* Yann Droneaud (Autoconf/Automake work, Prelude beta testing and debugging)
* Sebastien Tricaud (Prelude FAQ)
* Daniel Polombo (Prelude HOWTO, Installation help)
* Michael Samuel (Prelude LML conceptual work)

------[ Artwork ]------

* Marchand Thierry (official Prelude artist, logo conceptor)
* Odile Darmet (Website)

-- 
Yoann Vandoorselaere
http://www.prelude-ids.org