07/07/2004: redWall 0.5.4 BUG FIX Release 0.5.4c released

A "major" bug in mysql (related to the environment on the cd) has been fixed in this release (again ;-) ... please upgrade any 0.5.4 release prior to 0.5.4c if you need mysql support !


07/07/2004 (Version: 0.5.4c)

- downgraded mysql to Version 4.0.18
- modified mkisofs options which should fix reported problems with booting the cd on certain PC's

01/07/2004: Version 0.5.4 RELEASED
Let's see what we've got in this release :-)
  • new kernel 2.4.26-ow2
  • small and tiny nms system (midas)
  • a lot of bug fixes (thanks to erol yildiz and cassiano surek for reporting them)
  • some additions (really nice tools !!) based on feedback of djbfan
  • improved restore-config
    you can now use the hard disk to store the bootconfig (and of course the configuration itself if you like )information.. Just adapt the save-config.conf file to your needs... Any device in /dev/discs and /dev/floppy/0 is valid (you can use the old device names if you like)!... During boot... The restore-config script searches all detected partitions and the /dev/fd0 for a valid "bootconfig"... If found it starts extracting the configuration based on the information gathered from the "bootconfig"
  • ftp server (very secure ftpd) in case you'd like to use the redWall as a webserver for instance :-)
  • central syslogging (using mysql and a web based syslog console)
  • a whole lot more... ;-)

Change log:

- performed various bugfixes
- Kernel 2.4.26-ow2

- upgraded clamav to version 0.74

- upgraded Shorewall to version 2.0.3a
- recompiled stunnel 4.05
- upgraded snort_inline to 2.1.3
- upgraded snort to 2.1.3
- upgraded snortsam to 2.24
- upgraded iptables to 1.2.11
- applied iptables patch-o-matic-ng-20040621 patches to kernel
- upgraded openswan to 2.1.4
- upgraded linux-wlan-ng to 0.2.1pre21
- added frox version 0.7.14

- upgraded quagga to version 0.96.5
- upgraded anomy-sanitizer to version 1.68
- upgraded bridge-utils to version 1.0.4
- upgraded clamav to version 0.73
- upgraded dnsmasq to version 2.9
- upgraded phpsysinfo to version 2.2
- upgraded webmin to version 1.150
- upgraded logwatch to version 5.2.2
- upgraded Shorewall to version 2.0.3
- upgraded webfwlog to version 0.87
- upgraded openvpn to version 1.6.0
- upgraded mysql to version 4.0.20
- upgraded dansguardian to version 2.7.7-9
- upgraded dcc-dccd to version 1.2.50
- upgraded OpenSSH to version 3.8p1
- upgraded openssl to version 0.9.7d
- upgraded delegated to version 8.9.5

- added pcmcia-cs 3.2.7 (PCMCIA Card Services)
- screen 4.0.2 (thanks to djbfan for suggesting it!)

(thanks to djbfan for suggesting these tools)
- added iptstate 1.3 (iptable state view)
- added mtr 0.58 (Traceroute)
- added ipkungfu 0.5.2 (firewall script with config files)

- fixed sarg bug (thanks to Salim David for reporting it)
- applied sarg sort patch
- added ucarp 1.0

- added MIDAS WebView 2.2f

- upgraded openswan to 2.1.2 final
- added php-syslog-ng 2.5.1
- added support for honeynet security console (http://www.activeworx.org/)

- added dhcpd.conf example in /etc/dhcpd (thanks to Scott Tully for reporting it)
- moved ipsec.conf and ipsec.secrets from /etc/ipsec.d back to /etc

- added syslog-ng 1.6.4
- added squidAnalyzer 3.0
- added vsftpd 1.2.2 (VerySecureFtp) to the game

- added the sensor_name option to all snort.conf files (mysql config)

05/05/2004: redWall 0.5.3 BUG FIX Release 0.5.3c released

A"major" bug in mysql has been fixed in this release... please upgrade any 0.5.3 release prior to 0.5.3c if you need mysql support !


5/05/2004 (Version: 0.5.3c)

(thanks to Erol YILDIZ for submitting bugs listed below!!)

- fixed a bug in /usr/bin/safe_mysql
- fixed clamd.pid path statement
- pushed snortcenter snort rules down to /etc
- fixed logrotate logrotation path for mysql

05/05/2004: Documentation updated / new fancy Screenshots added :-)

- I've just added some more screenshots of the current 0.5.3 release ! Check them out ! :-)
- Worked on the documentation, too.

05/05/2004: Version 0.5.3 RELEASED

- check out "/etc/redwall/save-config.conf" for all available options !
- try "save-config help" for save config instructions !
- try "restore-config help" for restore config instructions !

Change Log:

- added a "--help" option to the restore-config and save-config scripts !

- added wlan-ng 0.2.1-pre20

- upgraded to kernel 2.4.26-ow1
- updated ppp to 2.4.2
- updated pptpd to 1.2.0-b3
- openswan 2.1.2rc3
- added bootsplash
- applied ebtables-brnf-6_vs_2.4.26 patch to kernel
- applied mppe 0.99 patch to kernel
- applied recent pom patches from www.netfilter.org to the kernel

- updated Aris Extractor to Version 4.3
- updated razor agents to version 2.40
- updated dcc to version 1.2.45
- updated dansguardian to version 2.7.7
- updated snort and snort_inline to version 2.1.2 (2.0.6 still included !)

- updated ntop to version 3.0
- updated logwatch to version 5.1
- updated clamav to version 0.7
- removed squidguard webmin module (it was way to buggy)
- updated webmin to version 1.140
- updated mysql (server+client) to version 4.0.18
- updated squid to version 2.5.STABLE3
- updated openssl packages with latest up2date packages from redhat
- updated unzip
- updated grep
- updated Anomy sanitizer 1.67 (E-Mail sanitizing) to the distribution
- updated Shorewall to version 2.0.1
- updated stunnel to version 4.05
- updated dnsmasq to version 2.7

- added support for http://www.stearns.org/sa-blacklist to postfix
- add vconfig 1.8 (vlan config utility)
- added pyshaper 0.1.3 (Traffic Shaping) thanks to Cassiano Surek for suggesting it !
- added bandwidthd 1.2.1b (Bandwidth graphing)

- added unzip 5.50 to the game
- switched to devfs (no initrd needed anymore...)
- switched to tmpfs for (/etc /redwall.workdir and /var)

- changed the value of use_razor2 in /etc/mail/spamassassin/local.cf from 1 to 0
- uncommented use_razor2 in /etc/mail/spamassassin/local.cf

- added fetchmail 6.2.5 (pop/imap mail retrieval)
- added a few options / changes to the amavis and postfix configs

- added Anomy sanitizer 1.66 (E-Mail sanitizing) to the distribution

- added ss5 2.4 (Socks 5 Server)
- added delegate 8.9.2 (multi-purpose application level gateway)

- added "-i eth0" to /etc/darkstat/darkstat.conf
- fixed automatic certificate creation scripts in /etc/init.d (missing ssl_hostname variable!)
- fixed a problem with the ramdisk size

- added /dev/shm and /dev/pts to /etc/fstab
- moved ipsec.conf* and ipsec.secrets to /etc/ipsec.d
- added l2tpd 0.69

- changed [ -e /var/lock/subsys/snort* ] in the logrotate.d script of snort to [ -e /var/lock/subsys/snort_* ]
- added /var/log/firewall to ulogd logrotate.d script

- changed loglevel in /etc/amavis/amavis.conf to 2 (the spam and mail reporting script needs this info)

26/02/2004: Version 0.5.2 RELEASED

Change Log:

- added /var/log/firewall to /etc/logrotate.d/ulogd
- changed ipsec.conf to conform to the version 2 of FreeSwan

- changed /var/www/cgi-bin/dansguardian.pl a bit ;-)
- added privoxy config sample to /etc/squid/squid.conf (at the buttom)
- fixed typo in /etc/ipsec.conf
- fixed R/O problem in /usr/libexec/webmin/postfix/postfix-lib.pl
- disabled VRFY Command in postfix configuration
- changed myorigin to mydomain in postfix config
- upgraded to kernel 2.5.25-ow1
- upgraded freeswan to 2.05 (NAT-Traversal Patch 0.6b + X.509 Patch 1.5.2)

- switched from ethtool to mii-tool to detect the link in /etc/system/scripts/checklinks
- removed tabs from /etc/CA/ca
- changed user from amavis to root for the bayes learning script in /etc/crontab
- fixed iptraf problem (not able to save config and starting rvnamed)
- added "-c 1" to the klogd config in /etc/sysconfig/syslog
- remarked the serial console line in /etc/inittab (caused problems on pc's which had the serial port disabled)
- changed permissions ov /var/www/html* to 755
- added unicode.map to /etc/snort/2.1.0/*
- fixed a few minor settings in amavisd-new and spamassassin

- updated ifensalve utility to 1.0.12
- fixed "bug" in modules.conf (eth0 entry from development system removed)

21/02/2004: Version 0.5.1 RELEASED
nothing more to say !!.. ;-) ... check out the features page!

looking forward to the next 0.5.2 release !!

09/02/2004: We've got a few nice things "onboard" for the next release !!!

I'am currently updating the whole distribution like hell. Here are a few current additions:

- ebtables/bridgeutils (kernel based bridging and bridge-filtering)
- snortsam and snort_inline (block IDS Triggered attacks at you firewall !)
- ulog based iptables logging to a mysql database (Management Station !)
- dansguardian (Website blocking for squid)
- Spam filtering Package (using postfix / spamassassin)

see the features page for a detailed explanation of the additions incl. links to the corresponding websites !

If anyone knows of a good piece of software to be included in the next release, feel free to contact me !!

26/01/2004: New Release and a lot of work keeps on going !!
okay... i know... no relase at all.. for a looong time ;-)... but i'am currently updating the whole thing (software packages listed at the features page)... the new Version will be 0.5.1 ... with a lot of new features. No release date though, but i'll be putting beta versions online more often, until the "final" 0.5.1 release !
If anyone has some suggestions for some peace of software to be included for the next releae... feel free to contact me !!!

30/01/2003: Release date of Version 0.2 delayed
Due to some personal circumstances, the release Date of the new redWall Firewall Version has been delayed! Sorry for that guys !!... It's being a sad time since newyear, but check out the credits page! It's becoming better and better now :).... Soo you can expect a release date at ... lets say.. end of February !!
I really apologize that fact....

02/01/2003: Switched to ISOLINUX instead of SYSLINUX
Due to the bootdisk limitation of SYSLINUX (2.88MB MAX.) I've switched to ISOLINUX instead... hopefully the CD will still work on most computers :)

02/01/2003: Updated Webmin and removed the freeS/Wan module --> it was to buggy
  • New Webmin Version: 1.05
  • FreeS/Wan module removed (it's to beta)

01/01/2003: some TODO's done
Ok.. I've just finished some todo's:
  1. Everything is now running over SSL! The Webinterface (apache), ntop, ssh, webmin and even the locally running snortagent (snortcenter) are running through ssl encryption now! These Daemons automatically (re)create their keys on startup if they key is missing in their configuration folder! As for freeswan i didn't implemented that "feature" because you'll have to setup your own ca and certificates anyway the way you want and need it (Security is important here)! A good place to start is here: IPsec between FreeS/WAN and Windows 2000/XP or http://www.strongsec.com/freeswan/
  2. The default /var image now gets deployed only once (the script checks if /var/log is present). This prevents us from overwriting the default mysql databases coming with the cd in future boots if using a harddisk for instance! Although i still have to find a way to update the contents in /var in future releases!
  3. The Ntop link to the locally running ntop daemon (port 3000/SSL) on the webinterface is now created using the php command/string: $HTTP_HOST! I don't know php very well... but it should work just fine in most environments!
  4. ACID (PHP), CRON and LOGWATCH are now able to send their mails through email (see features page) which replaces sendmail! Many Thanks to Dean Jones (he's the guy who wrote email at http://www.cleancode.org) for writing a small Sendmail Wrapper using perl!


12/28/2002: Release date of Version 0.2
I'am currently waiting for some other Projects to reach a state, where they can be used! Therefore, the release of the new Version is hopefully in the middle of January 2003!

12/27/2002: save-config now checks the checksum of the file written
The save-config command on the old version of the redWall just saved the image of /etc to the floppy without even wondering if it has been written successfully. I had to realize that fact a few times... i saved the image to a weak floppy (the whole firewall configuration done)... and after a reboot i had to realize that the floppy was just a mess... rather than containing a valid /etc image. Result: do the whole setup procedure again! Nice ! :)

The save-config command on the new Version 0.2 will save the image first to /tmp, then it creates a checksum of that stored image. After that... it stores the image to the floppy... unmounts the floppy (so the data gets actualy written)... mounts the floppy again... checks the checksum... and report if the checksum isn't valid!

SourceForge.net Logo