I just pushed a newer development version of nsm-console out to navi.eight7.org. Here are some of the new features:
- Snort module with community rules
  - Self-contained snort module with all the community rules and a configuration file; this’ll generate alerts into a file after reading the pcap file. I wasn’t sure whether to use community or bleeding edge rules; it’s still easy to point the snort module to your own snort.conf file and do it that way.
- Exec command will do substitution now on the following variables:
  - ${PCAP_FILE}
  - ${PCAP_BASE}
  - ${MODULE_DIR}
  - ${OUTPUT_DIR}
  - This’ll let you do something like “exec tcpdump -X -n -r ${PCAP_FILE}”
  - In addition, exec now logs all the commands run into the regular logfile
- The ‘logfile’ command, real simple, just specifies a new logfile
- Whitespace is handled much, much better. There were a lot of bugs in how whitespace was handled for the “set” command (among others); it should be handled much better now.
- Category loading now handles non-files much better. Before, if you left a “CVS” directory in the categories folder, it would read it, but when it went to do a “toggle all”, it would error out. This has been fixed.
- Lots of bugfixes
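
The exec substitution and command logging described above, sketched in Ruby as an added example (not nsm-console's own code): the function names, the sample paths and the meaning given to PCAP_BASE are assumptions. Values are shell-escaped so a capture path containing whitespace or shell metacharacters stays a single argument.

```ruby
require 'shellwords'

# Build the substitution table for one pcap file. The four names are the
# ones listed in the post.
# Assumption: PCAP_BASE is the file name without directory or extension.
def exec_vars(pcap_file, module_dir, output_dir)
  {
    'PCAP_FILE'  => pcap_file,
    'PCAP_BASE'  => File.basename(pcap_file, '.*'),
    'MODULE_DIR' => module_dir,
    'OUTPUT_DIR' => output_dir
  }
end

# Replace ${NAME} for known names only; unknown names are left untouched.
# Each value is shell-escaped before it is placed in the command line.
def expand_exec(command, vars)
  command.gsub(/\$\{(\w+)\}/) do |match|
    vars.key?($1) ? Shellwords.escape(vars[$1]) : match
  end
end

# Expand the command, record exactly what will be run, and return it.
# `log` is anything that responds to << (an Array, a File, a StringIO).
def logged_exec_line(command, vars, log)
  expanded = expand_exec(command, vars)
  log << "exec: #{expanded}"
  expanded
end

# Constructed sample input: a capture path containing a space and a ';'.
SAMPLE_VARS = exec_vars('/tmp/case 7/dump;id.pcap', '/opt/nsm/modules', '/tmp/out')
SAMPLE_LOG  = []
SAMPLE_LINE = logged_exec_line('tcpdump -X -n -r ${PCAP_FILE} ${UNKNOWN}',
                               SAMPLE_VARS, SAMPLE_LOG)

puts SAMPLE_LINE
puts SAMPLE_LOG
```
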
You can grab the new version here:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.3-DEVEL.tar.gz
It’s definitely stable enough for daily use, highly recommended over the older versions. I’m still hoping to get a cvs-web interface up to be able to browse the code.
