Shield update Version 8.3.5 with snort 2.9.9.0.2

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Shield update Version 8.3.5 with snort 2.9.9.0.2

Roadrunnere42
Here is the v1.51 SP1 + Hotfix Aug 13 2017 and the new snort 2.9.9.0.2 package i have included instructions  in the file below with pictures

Shield_update.odt

hotfix-Aug-13-2017.zip

I have been using this in router mode and it's rock solid

roadruunere42



Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

Turrican
thanks for this!!

Small typo in the guide, should be a space after the / in sh ./ ”install ipk packages and fw_upgrade.sh” - only reason I noticed was I copy/pasted, otherwise
everything went well and the update was successfull.  Not using the box any more but still like to keep it up to date :)

Great stuff, thanks to all who contribued.



Running Bridge Mode
v1.51 SP1 + Hotfix Mar 9
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

Garf
In reply to this post by Roadrunnere42
This is great, thanks all for all the work invested in this, much appreciated!
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

StyxUT
In reply to this post by Roadrunnere42
Thanks Brenda, Roadrunnere42, and user8446.  It's working perfectly.  
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

user8446
Administrator
This post was updated on .
Roadrunnre42,

Just saw this and took a look at your script and instructions.... very nicely done! You even added the material design GUI and openSSL, nice! You can take out lines 63-65 though as the DNS preprop is not used, and that's one less processor that the packets have to cycle through.

In bridge mode for ~8 mos. or so and not one reboot... this is extremely reliable and stable.

Thank you again for putting it together and thanks to Breda for sourcing the upgraded packages.
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

user8446
Administrator
Here is an updated snort config for bridge mode that I have been running on v2.9.9.0. There are improvements throughout especially a misconfig in the http_inspect section where there were no caps set - probably the biggest cause of the snort restarts.

Further reading:

https://www.snort.org/faq/readme-http_inspect

snort_bridge.conf
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

Randymandy
Hi All,,
First a big Thanks to Roadrunner42 for making the update & Hotfix available (plus easy to implement)
My question is do I need to apply the update twice?
I applied it for Router mode and everything went well, however when I switched to Bridge mode (with reboot, to try it out)
The update & hotfix was gone, as to my previous settings...  wtf... So I switched back to Router mode, and everything was
back in place... ? Hmm...  Did I do something wrong? or is it so that I have to apply the patch in both modes?
I'm a little nervous to go any futher...
clarification would be appreciated
Reply | Threaded
Open this post in threaded view
|

Re: Shield update Version 8.3.5 with snort 2.9.9.0.2

Roadrunnere42
Hi Randymandy

The Shield has three modes Router, Gateway and Bridge when you switch between then via the switch on the front, this allows the Shield to have three different boot images, so anything you do in rout mode says in route mode . This is by design so any updates in route mode is only for the route mode, this is a blessing because if you mess things up you can switch to a different mode and sort things out.

Just switch to which mode best fits your needs and then update.

Roadrunnere42