
Uploaded scandetd 1.1.4-beta7-1 (m68k) to erlangen



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  4 Jan 2001 13:00:08 -0500
Source: scandetd
Binary: scandetd
Architecture: m68k
Version: 1.1.4-beta7-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon <buildd@kullervo.informatik.uni-erlangen.de>
Changed-By: Bradley Alexander <storm@debian.org>
Description: 
 scandetd   - Portscan detector for Linux.
Changes: 
 scandetd (1.1.4-beta7-1) unstable; urgency=low
 .
   * new format of HostLogIgnore (HostScanIgnore):
         source_IP:src_ports -> dest_IP:dst_ports
     for example:
         192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306
 .
     Port specification allows the use of port ranges, i.e. 1-1024
     If destination part (this after "->" sign) is omitted then
     expression describes source IP and source ports.
     I think that PortLogIgnore could be removed because it can be written
     in new format, ie:
       PortLogIgnore 25,80
     is equal to:
       0/0 -> 0/0:25,80
     NO WHITESPACE IS ALLOWED IN THE PORT SPECIFICATION.
 .
   * added SyslogFacility which accepts all values described in openlog(3)
      (without LOG_ prefix)
   * added MailSubject with %p - protocol,%s - source IP, %d - dest IP
      (Closes #79811)
   * added FloodDetection (yes/no) whether connections to the same
      destination port should be skipped or not
   * added LogDetails (yes/no). If yes then logging is done in following
      format: source_IP (src_port) -> dest_IP (dest_port)
   * '-s' command line option - don't start the daemon, just show parsed
      config file
   * added LogOSFP (yes/no) for enabling logging OS fingerprinting probes
   * added OSFPSendMail (yes/no). Email contains guessed type of OS probe
      (currently 'nmap', 'queso' or 'unknown'), number of packets and
      TCP flags set in each packet
   * added log and mail limits. If scan/flood/OSprobe was logged (or email
      was sent) and host is still on internal list then there will be no
      second warning
   * added tracking of destination IP. If scan/flood were made to more than
      one IP then it will be noticed in log/email, ie:
      "Possible port scan from x.x.x.x to x.x.x.x (and others)"
   * drop privileges code was improved and RunAsGroup was removed. Daemon
      will run as RunAsUser with group set to group to which 'RunAsUser'
      belongs
   * several bug fixes
Files: 
 3ba487a6d915697733c783fc0c16cd24 16330 net optional scandetd_1.1.4-beta7-1_m68k.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iEYEARECAAYFAjpcWxgACgkQcS3JWD3Fdvd0fgCePErqXhVjcFs0oRLnftwLIHVD
73kAnRlgerlWdb+fMNkNEHlapMDm6/Gg
=yfC0
-----END PGP SIGNATURE-----
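
The HostLogIgnore rule format described in the changelog above, worked through as an added example; this is not scandetd's own code and not part of the original message. The function names are hypothetical, and the semantics are assumptions read from the changelog text: an endpoint without ports matches any port, "0/0" matches any IPv4 address, and a rule without a destination part matches any destination.

```python
# Added illustration: NOT scandetd's parser. Semantics are assumed from the
# changelog text (omitted ports = any port, "0/0" = any IPv4 address).
import ipaddress

ANY_PORTS = [(0, 65535)]

def parse_ports(spec):
    """'1-1024,3306' -> [(1, 1024), (3306, 3306)]; whitespace is rejected."""
    if not spec or any(c.isspace() for c in spec):
        raise ValueError(f"bad port specification: {spec!r}")
    ranges = []
    for item in spec.split(","):
        lo, dash, hi = item.partition("-")
        lo, hi = int(lo), int(hi if dash else lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def parse_endpoint(text):
    """'192.168.1.0/24:1024-65535' -> (network, list of port ranges)."""
    addr, colon, ports = text.strip().partition(":")
    # "0/0" is treated as shorthand for every IPv4 address (assumption).
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "0/0" else addr, strict=False)
    return net, (parse_ports(ports) if colon else ANY_PORTS)

def parse_rule(line):
    """Split on '->'; a missing destination part matches any destination (assumption)."""
    src, arrow, dst = line.partition("->")
    return parse_endpoint(src), parse_endpoint(dst if arrow else "0/0")

def rule_matches(rule, src_ip, src_port, dst_ip, dst_port):
    """True if the connection falls inside both halves of the rule."""
    def hit(endpoint, ip, port):
        net, ranges = endpoint
        return ipaddress.ip_address(ip) in net and any(lo <= port <= hi for lo, hi in ranges)
    return hit(rule[0], src_ip, src_port) and hit(rule[1], dst_ip, dst_port)

def port_log_ignore(ports):
    """Rewrite an old 'PortLogIgnore' value in the new format, as the changelog suggests."""
    return f"0/0 -> 0/0:{ports}"
```

A rule such as "0/0 -> 0/0:25, 80" is rejected with ValueError, matching the changelog's note that no whitespace is allowed in the port specification.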


