From karren.sulliver at gmail.com  Sun Mar  4 13:07:26 2007
From: karren.sulliver at gmail.com (Karren Sulliver)
Date: Sun, 4 Mar 2007 08:07:26 -0500
Subject: [Fedora-music-list] update
Message-ID: <4b1e4fc0703040507i647fc47fwea12be396835273c@mail.gmail.com>

Hello,

I would like to include a rule when another is triggered, for example:

If this rule is triggered:

drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware Gator/Clarian Agent"; flow: to_server,established; uricontent:"/gbsf/gd/ne/new.net.gtrg2ze"; nocase; classtype: policy-violation; reference:url, www3.ca.com/securityadvisor/pest/content.aspx?q=67999; sid: 2001306; rev:5;)

I would like to also trigger this rule for n minutes/seconds:

drop tcp any any -> any 80 (classtype:attempted-user; msg:"Port 80 connection initiated";)

I've looked at the tagging option for rules but I need to drop them, not
just log them. Any ideas?
Sguil (pronounced sgweel) is built by network security analysts for
network security analysts. Sguil's main component is an intuitive GUI
that provides realtime events from snort/barnyard. It also includes
other components which facilitate the practice of Network Security
Monitoring and event driven analysis of IDS alerts. The sguil client is
written in tcl/tk and can be run on any operating system that supports
tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Sguil version 0.6.0 contains two significant differences from previous
versions. The first difference is the use of the mysql MRG_MyISAM
(MERGE) engine for the sancp, event, *hdr, and data tables. With the
MERGE engine, it is possible to keep hundreds of millions of rows of
data active and online and still be functional (queries to the DB are
reasonably responsive). The use of MERGE and the associated schema makes
backing up and restoring data amazingly simple and quick. The UPGRADE
text in the sguil-0.6.0/doc directory of the source contains more detail
as well as upgrade instructions.

The second major change was to the sguil output plugin for barnyard
(op_sguil) and the communications structure between the sensors and
sguild. Op_sguil now uses tcl libraries and sends data via localhost to
the sensor's agent. All communications between the sensor and sguild now
flow thru sensor_agent. This means the mysql libraries are no longer
needed on the sensors.
Since barnyard does not need to be compiled with mysql support, op_sguil
(barnyard) and mysql 4+ may be used together without any license
conflicts.

have just patched snort 2.3.3 with ClamAV-2.3.3-1.diff and it doesn't
seem to work as advertised. I have the following preprocessor line

preprocessor clamav: ports all !20 !22 !443, toclientonly, dbdir /var/ftp/pub/tools/clamav-devel/share/clamav/, dbreload-time 43200, file-descriptor-mode

I strace'd snort while downloading EICAR.COM and the klez virus from a
remote HTTP server - the strace shows the daily.* files being loaded -
which tells me ClamAV is being enabled - but nothing got detected. I
even ran tcpdump on the same interface and can see the HTTP download -
so it's definitely not a wiring issue either.
I can see tonnes of /tmp/snort_inline-clamav-XXXXXX files being created,
opened, closed and unlinked - but no virus was detected. The summary that
is outputted when snort exits shows zero alerts - and nothing shows up
via the syslog or mysql output processors I use.

From chitlesh at fedoraproject.org  Mon Mar 12 00:06:35 2007
From: chitlesh at fedoraproject.org (Chitlesh GOORAH)
Date: Mon, 12 Mar 2007 01:06:35 +0100
Subject: [Fedora-music-list] fedora kernel ? or CCRMA kernel ?
Message-ID: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>

Hello there,

Last weekend, I talked to someone at Chemnitz Linuxtag who was
interested with real time music editing on desktop computers. I was
unable to answer him whether he can use fedora kernels to do so or to
use the CCRMA's kernel.

Can anyone shed any light on this light . I'll mail him with the answer

Chemnitz Linuxtag: my report:
http://clunixchit.blogspot.com/2007/03/chemnitz-linuxtag-my-report.html#links

He was quite interested with the article
http://www.redhatmagazine.com/2007/02/15/professional-audio-with-fedora-core-6/

regards
Chitlesh
--
http://clunixchit.blogspot.com

From nicholasmanojlovic at gmail.com  Mon Mar 12 00:22:45 2007
From: nicholasmanojlovic at gmail.com (nicholas manojlovic)
Date: Mon, 12 Mar 2007 11:22:45 +1100
Subject: [Fedora-music-list] fedora kernel ? or CCRMA kernel ?
In-Reply-To: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>
References: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>
Message-ID: <45F49D55.1030406@gmail.com>

Chitlesh GOORAH wrote:
> Hello there,
>
> Last weekend, I talked to someone at Chemnitz Linuxtag who was
> interested with real time music editing on desktop computers. I was
> unable to answer him whether he can use fedora kernels to do so or to
> use the CCRMA's kernel.
>
> Can anyone shed any light on this light . I'll mail him with the answer
>
> Chemnitz Linuxtag: my report:
> http://clunixchit.blogspot.com/2007/03/chemnitz-linuxtag-my-report.html#links
>
>
> He was quite interested with the article
> http://www.redhatmagazine.com/2007/02/15/professional-audio-with-fedora-core-6/
>
>
> regards
> Chitlesh

Real-time editing is functional and useable with the stock Fedora
kernels, and good results are achievable, however some basic admin is
required. One needs to edit pam limits.conf. Audio applications are
available in the Extras repository.

From nando at ccrma.Stanford.EDU  Mon Mar 12 02:16:06 2007
From: nando at ccrma.Stanford.EDU (Fernando Lopez-Lezcano)
Date: Sun, 11 Mar 2007 19:16:06 -0700
Subject: [Fedora-music-list] fedora kernel ? or CCRMA kernel ?
In-Reply-To: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>
References: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>
Message-ID: <1173665766.13149.25.camel@cmn3.stanford.edu>

On Mon, 2007-03-12 at 01:06 +0100, Chitlesh GOORAH wrote:
> Last weekend, I talked to someone at Chemnitz Linuxtag who was
> interested with real time music editing on desktop computers. I was
> unable to answer him whether he can use fedora kernels to do so or to
> use the CCRMA's kernel.
>
> Can anyone shed any light on this light . I'll mail him with the answer
>
> Chemnitz Linuxtag: my report:
> http://clunixchit.blogspot.com/2007/03/chemnitz-linuxtag-my-report.html#links
>
> He was quite interested with the article
> http://www.redhatmagazine.com/2007/02/15/professional-audio-with-fedora-core-6/

The stock Fedora Core kernel is usable if you don't have requirements
for low latency (ie: if you are not working, for example, with
instruments you want to trigger in realtime). Probably running Jack with
the default 1024 frame buffers is going to work (at least most of the
time) but that translates into a roundtrip latency of about 42mSec at
48KHz, hardly "realtime".
If you want the best realtime performance it is not going to be enough.
Which means you will get xruns if you use it, more or less of them
depending on your hardware and software configuration.

The Planet CCRMA kernel is stock linus plus Ingo Molnar's realtime
preemption patches configured with PREEMPT_RT, which offers the best low
latency performance but might still suffer from problems in specific
hardware configurations - there's a lot of broken hardware out there and
in some cases you may not be able to boot or may have to, for example,
turn off acpi, but that has not happened to me lately in my limited
tests. So, for low latency you should use that (either from the Planet
CCRMA repo or directly from Ingo's repo).

The Planet CCRMA core packages add a few things other than the kernel.

The realtime preemption patch splits the interrupt request handling in
two parts, the lower half of them running at SCHED_FIFO priority. For
best performance you should tune your interrupt scheduling priority so
that your soundcard (and related hardware) has the highest, Jack itself
is in between, and the rest of the interrupts are below Jack in priority
(it is more complicated than that but you get the idea). For that Planet
CCRMA adds the "rtirq" startup service (by Rui Nuno Capella) that tunes
the interrupts at boot time.

In addition the Jack package in Planet CCRMA tweaks jackd to run with a
basic priority of 60, which fits with the realtime preemption patch
defaults and the tuning done by rtirq. This won't make a difference if
you boot into the Fedora kernel but tunes the realtime preemption system
for best performance.

Last but not least, if you want to run jackd with realtime priority (the
only sensible way to run it in either kernel) as a non root user you
need to tweak /etc/security/limits.conf. Planet CCRMA includes a patched
pam that automatically grants all users permission to lock memory and
use SCHED_FIFO (and, of course, DOS the machine if they want to :-).
That's about it, I think. As of a few days ago you can install the whole
shebang (if you are pointing to the Planet CCRMA repo) on i386[*] with
"yum install planetccrma-core".

Hope this helps clarify things a bit more...
-- Fernando

[*] I still have to do pam packages for x86_64, other than that it
installs as well.

From chitlesh at fedoraproject.org  Tue Mar 13 12:06:12 2007
From: chitlesh at fedoraproject.org (Chitlesh GOORAH)
Date: Tue, 13 Mar 2007 13:06:12 +0100
Subject: [Fedora-music-list] fedora kernel ? or CCRMA kernel ?
In-Reply-To: <1173665766.13149.25.camel@cmn3.stanford.edu>
References: <13dbfe4f0703111706q772f156nf3ee798bfcd1bc4d@mail.gmail.com>
	<1173665766.13149.25.camel@cmn3.stanford.edu>
Message-ID: <13dbfe4f0703130506y188ef367t153c5fbf047e5ba0@mail.gmail.com>

Hello,

Thanks both of you, I'll contact the "visitor" and convey him your
points :)

regards,
Chitlesh
--
http://clunixchit.blogspot.com

From joakim at verona.se  Wed Mar 14 13:17:42 2007
From: joakim at verona.se (joakim at verona.se)
Date: Wed, 14 Mar 2007 14:17:42 +0100
Subject: [Fedora-music-list] csound-manual rpm
Message-ID:

The csound-manual rpm seems to contain a subset of the csound manual.
Is the rest somewhere else?

For example, index.html is missing, and oscil.html.

--
Joakim Verona

From green at redhat.com  Wed Mar 14 18:33:50 2007
From: green at redhat.com (Anthony Green)
Date: Wed, 14 Mar 2007 11:33:50 -0700
Subject: [Fedora-music-list] csound-manual rpm
In-Reply-To:
References:
Message-ID: <1173897230.3583.3.camel@localhost.localdomain>

On Wed, 2007-03-14 at 14:17 +0100, joakim at verona.se wrote:
> The csound-manual rpm seems to contain a subset of the csound manual.
> Is the rest somewhere else?
>
> For example, index.html is missing, and oscil.html.

Please file a bug report at http://bugzilla.redhat.com.

Thanks!

AG
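
Added example, not part of any message in this archive and not Planet CCRMA's or Fedora's code. Fernando's message above says that running jackd with realtime priority as a non-root user needs a change to /etc/security/limits.conf, and that granting every user memory locking and SCHED_FIFO lets them DoS the machine; the sketch below audits limits.conf text for such all-user grants. The sample entries, the @audio group and the numeric limits are constructed assumptions.

```python
# Added example: flag limits.conf entries that hand realtime scheduling
# (rtprio) or memory locking (memlock) to every account instead of a group.
RISKY_ITEMS = {"rtprio", "memlock"}
UNLIMITED = {"unlimited", "infinity", "-1"}

# Constructed sample, not taken from any real system or package.
SAMPLE = """\
# broad: every user may run SCHED_FIFO threads and lock all memory
*        -     rtprio    99
*        -     memlock   unlimited
# scoped: only members of a dedicated group, with a bounded memlock
@audio   -     rtprio    70
@audio   -     memlock   262144
alice    hard  nofile    4096
"""

def parse_limits(text):
    """Yield (lineno, domain, type, item, value) for each four-field entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            continue                          # not a <domain> <type> <item> <value> entry
        yield (lineno, *fields)

def audit(text):
    """Return [(lineno, message)] for grants that are wider than they need to be."""
    findings = []
    for lineno, domain, _type, item, value in parse_limits(text):
        if item not in RISKY_ITEMS:
            continue
        if domain == "*":
            findings.append((lineno, f"{item} granted to all users"))
        elif item == "memlock" and value in UNLIMITED:
            findings.append((lineno, f"unbounded memlock for {domain}"))
    return findings

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print(f"line {lineno}: {msg}")
```

To check a real system, pass the contents of /etc/security/limits.conf and any files under /etc/security/limits.d/ to audit().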