Bug 341951 - Hardened prelude page outdated
Summary: Hardened prelude page outdated
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High minor
Assignee: The Gentoo Linux Hardened Team
URL: http://www.gentoo.org/proj/en/hardene...
Whiteboard:
Keywords: PMASKED
Depends on:
Blocks: Hardened_Docs
Reported: 2010-10-21 02:32 UTC by John Sennesael
Modified: 2018-01-26 23:38 UTC
Description John Sennesael 2010-10-21 02:32:01 UTC
Someone please update (or delete) the prelude page under the hardened project website.

http://www.gentoo.org/proj/en/hardened/prelude-ids.xml

It is hopelessly outdated, with the last update 7 years ago. It speaks of piwi which doesn't even exist anymore and has evolved into prewikka.

The unofficial Gentoo wiki pages are even more up-to-date:
http://www.gentoo-wiki.info/Prelude

Yet when googling gentoo prelude the hardened page is the first result.
It reflects poorly on the hardened project to have such outdated information, especially in an industry where keeping up-to-date is critical.



Reproducible: Always

Steps to Reproduce:
1. Visit http://www.gentoo.org/proj/en/hardened/prelude-ids.xml

Actual Results:  
Outdated obsolete information

Expected Results:  
More up-to-date information
Comment 1 Agostino Sarubbo gentoo-dev 2010-10-21 09:28:33 UTC
AFAIK, the team is committed to addressing several bugs, then put the update of documents in "close-up".
Comment 2 Francisco Blas Izquierdo Riera gentoo-dev 2010-11-25 23:07:29 UTC
Hi, I'm sorry I missed this one before.

AFAIK there is nobody able to update these docs, and although I see no problem in marking it as an outdated doc, I think updating it would be a better idea.

If you have time, can you provide new texts for the doc? I don't know a thing about prelude (not sure if any other active member of the project does) so I can't write on it, but I can adapt the texts you provide to the XML format used on the docs.

Thanks :D
Comment 3 John Sennesael 2012-08-19 04:17:59 UTC
Hello,

I missed your reply as well Francisco,... ;)
I guess 2 years late is better than never...

I see flameeyes has masked prelude now.

Basically, prelude has been inactive for 2 years, and now suddenly they made a release, after the company has been purchased...

Around the time this bug was filed, I was working with klondike to try and get some documentation written, and we stumbled on several bugs. We filed a report upstream, with patch, to which there hasn't been any response to date.

Prelude seemed to be dying off, I'm not sure if this new purchase of the software by a new company will change things. flameeyes' comments summarize the situation pretty well:

# /usr/portage/profiles/package.mask:
# Diego Elio Pettenò <flameeyes@gentoo.org> (18 Aug 2012)
# Pending removal on 18 Sep 2012.
# Prelude OSS has moved, a new release is out but even their SSL
# certificate is broken; multiple issues: bug #318839 334437 344955
# 350389 365353 388825 424307. Requires a dedicated maintainer.


I still think it would be of benefit to the hardened project to provide some documentation of an IDS setup, if not prelude, something else.

I would be willing to write documentation, as I need to finish an IDS setup for work anyway.

The question is, is it worth doing this for prelude or not.

I'm going to wait and see where the project goes, and if it is in a positive direction, I'd be willing to give it a try and maybe write some new ebuilds for it, and documentation...
Comment 4 Magnus Granberg gentoo-dev 2012-09-18 14:46:47 UTC
(In reply to comment #3)
> Hello,
> 
> I missed your reply as well Francisco,... ;)
> I guess 2 years late is better than never...
> 
> I see flameeyes has masked prelude now.
> 
> Basically, prelude has been inactive for 2 years, and now suddenly they made
> a release, after the company has been purchased...
> 
> Around the time this bug was filed, I was working with klondike to try and
> get some documentation written, and we stumbled on several bugs. We filed a
> report upstream, with patch, to which there hasn't been any response to date.
> 
> Prelude seemed to be dying off, I'm not sure if this new purchase of the
> software by a new company will change things. flameeyes' comments summarize
> the situation pretty well:
> 
> # /usr/portage/profiles/package.mask:
> # Diego Elio Pettenò <flameeyes@gentoo.org> (18 Aug 2012)
> # Pending removal on 18 Sep 2012.
> # Prelude OSS has moved, a new release is out but even their SSL
> # certificate is broken; multiple issues: bug #318839 334437 344955
> # 350389 365353 388825 424307. Requires a dedicated maintainer.
> 
> 
> I still think it would be of benefit to the hardened project to provide some
> documentation of an IDS setup, if not prelude, something else.
> 
> I would be willing to write documentation, as I need to finish an IDS setup
> for work anyway.
> 
> The question is, is it worth doing this for prelude or not.
> 
> I'm going to wait and see where the project goes, and if it is in a positive
> direction, I'd be willing to give it a try and maybe write some new ebuilds
> for it, and documentation...
The page is removed from the CVS tree and is only on the hardened-doc overlay.
I think we should use some different IDS setup than prelude, but I don't know what
IDS setup to use.
So any IDS setup that looks interesting?
Comment 5 Tully Gray 2012-10-05 07:55:12 UTC
I've been meaning to try Bro <http://www.icir.org/vern/papers/bro-CN99.html> and OSSEC <http://www.ossec.net/> which I tested briefly with the Security Onion distro.
Comment 6 Thomas ANDREJAK 2018-01-26 22:07:00 UTC
Is it possible to close this ticket?

Prelude is now up to date in portage and the upstream website (https://www.prelude-siem.org) is up.