IntelMQ-dev March 2016

intelmq-dev@lists.cert.at

6 participants
8 discussions

Deb Packages for Ubuntu
by Dustin Demuth 25 Apr '16

25 Apr '16

Hey Folks, Sascha has been sucessful in creating *.deb Packages for intelmq and intelmq-manager. They work on Ubuntu 14.04. (with a little bit of tweaking) If you are interested in packages, have a look at: https://github.com/Intevation/intelmq/tree/deb-packaging and https://github.com/Intevation/intelmq-manager We needed to downgrade[1] a bunch of packages in intelmqs setup.py. ** Some testing will be required. ** Some packages are _not_ available in Ubuntu 14.04 but they can be installed from 15.10: - python3-redis_2.10.3-3ubuntu1 - python3-tz_2014.10dfsg1-0ubuntu2 - python3-termstyle_0.1.10-1 - python3-unicodecsv_0.13.0-2 The package intelmq-manager depends on intelmq. The dependency on sudo still exists. Packages do not follow the Debian packaging guidelines. Which must be improved. [1] https://github.com/Intevation/intelmq/commit/81b6af9ef0d08c4c6726e4c4feeaa8… BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

3 5

Monthly newsletter 3/2016
by L. Aaron Kaplan 24 Mar '16

24 Mar '16

= Intelmq-dev-news Issue 3/2016 == Topics == # First Developer News # IHAP meeting in April # Status update Intevation # Status update community == March 2016 == Hi Folks, this is the first issue of intelmq developer news. [[https://github.com/aaronkaplan/|Aaron]] and [[https://github.com/dmth/|Dustin]] plan to send this newsletter on a monthly basis now. We intend to achieve the following: * Generate a "helicopter view" for all developers. Everyone should be capable of knowing what is planned for the next iterations of intelmq and which challenges community and software are currently facing. * Reduce the risk of parallel implementation of features * Foster improvements of the software * Create the possibility to discuss === How to contribute to this newsletter? === -> contact Aaron, Dustin for future input === Rules === In case you feel the urge to discuss a topic of this newsletter (which is what we intend!), please create a new post on this mailing list, in which you refer to this newsletter. For the sake of finding infos quickly: please start a separate thread in this case instead of answering to this mail. Thank you. === Frequency === The planned frequency is one newsletter / month. === Status report Intevation === * Started to created *.deb packages. We "successfully" created *.deb packages for the intelmq-manager. There are some warnings left, for example for the fonts. The core is still work in progress. * We refactored the existing code of the XMPP bot. It still has to be tested with existing feeds. * Currently we are spending most of our time on a local database to store abuse contacts and rules on how to notify them. * We suggest to modify intelmq_psql_initdb.py in order to support PostgreSQLs native JSON data type. * Currently working on a concept for integration tests. * Started to map AbuseHelper and IntelMQ semantics. === Status report Community developments === * python3 only? Currently there is a discussion to drop the support for python2. In case there are no objections until end of March 2016, we will continue and move to python3 only. This simplifies a lot. Last chance to object * [[https://github.com/certtools/intelmq/commit/04ccc93340158cc7f6aaf3900cde78b… csv parser]] by [[https://github.com/robcza|robcza]] * [[https://github.com/certtools/intelmq/pull/455|ftp(s) bot]] submission by [[https://github.com/robcza|robcza]] * thx to [[https://github.com/sebix|sebix]], abusix now seems to support [[https://github.com/certtools/intelmq/commit/e66effaa844977aabe38b1d54227c81…]] * interesting discussion on running bots via cronjob: https://github.com/certtools/intelmq/issues/464 * We would like to change the syntax of intelmqcli to a new format: intelmqctl {start,stop} bot_id. Unless there are major objections we will continue. Note well: this will break compatibility with scripts. * IHAP meeting in April: if you want to attend and have not registered yet, get in contact with Aaron pls. * discussions on how to make intelmq-manager more useful: add events/sec (rate), failed events/sec (failure-rate), total failed events/sec as extra columns in the monitoring page. * if you are using the n6stomp bot, there were some hick-ups upstream. You might have to restart your n6stomp bot. == Planned for April 2016 == === Meeting April === * If you have not registered for the IHAP meeting in April, please do so: [[http://doodle.com/poll/6hmhwahhp9sp2q5c#table|doodle]] * On day two of the meeting we will have a hackathon: we can form small groups and work on specific, nice little tasks. Please think about topics you are interest in. === Intevation === * *.deb packages should exist now. * A local contact database can be used to enrich events with contact information and instructions how they have to be informed. * Input and Output formats: ** X-ARF ** IODEF === Community === * RIPE abuse-c contacts can be done locally. RIPE might be able to export abuse-c infos publicly (fingers crossed). * more command line options for intelmqcli (see the https://github.com/certat/intelmq repo) * activate intelmq.org homepage == Wishlist == * **we need more test-cases!!!** * a specific config logic for ASNs: do this and that (for example sett ttl = 1 month) if event is in ASN xyz. Or "ignore" if event is in ASN xyz. This should support some kind of more-specific-less-specific inheritance, similarly to Apache directory settings. The most specific setting wins. The order could be: country code -> ASN -> netblock -> ip (/32). Open questions: what's more relevant if both domains and numbers (ASN, IPs, net blocks) exist in an event? * block based processing: for example block based team cymru lookups * parallelisation: need to revisit this topic == Communication == Chat: irc #intelmq on freenode or webchat: [[https://webchat.freenode.net/?channels=intelmq]] Weekly Conference Call: Dial in via the known conference bridge number. It is [[https://en.wikipedia.org/wiki/Telephone_number_mapping|ENUM]] enabled. Ask Aaron or Dustin for the number if you want to participate. The next weekly conf call is on March, 30th, 16:00 UTC+1

1 0

Todays Conf-Call
by Dustin Demuth 22 Mar '16

22 Mar '16

Hey Folks, who would join a conf-call today? Possible Topics: * Quality of Data: what is the most reliable source for Country information? Maxmind or NCC? * Developer Newsletter We'd like to test palava.tv (Browser 2 Browser Video) Feel free to join https://palava.tv/intelmq at 16:00 UTC+1 Best Regards Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

4 6

conf call today
by Dustin Demuth 16 Mar '16

16 Mar '16

Hi all, do plans exist for a conference call today? Here is a list of alternatives to Skype: We did not test most of them Based on WebRTC - appear.in - palava.tv (should work) "Classical" Voice - mumble Unknown / Other - zoom.us Best Regards Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

4 12

Legacy Python support - any blockers for dropping it?
by Sebastian Wagner 15 Mar '16

15 Mar '16

Dear community, At our meeting in Osnabrueck, the point about legacy python compatibility came up again. From a developer perspective, dropping support for Legacy Python would be great. As Python now has native unicode support, handling of strings became much easier and unproblematic. Does anyone have concerns or blocking issues about dropping support for the 2.7 series? Current Python 3.x is available on all plattforms. Also, what versions of 3.x are available on your plattform? Currently we run tests for 3.4 and 3.5. Sebastian -- // Sebastian Wagner <wagner(a)cert.at> - T: +43 1 50564167201 // CERT Austria - http://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg

1 0

Abushelper Compatibility
by Dustin Demuth 13 Mar '16

13 Mar '16

Hi, after the XMPP Bots, we'd like to start with a parser for AbuseHelper. In order to do so, Aaron suggested a table which compares intelMQ and AbuseHelper. We'll have a look at the DHO used, and create this table in the next days. https://github.com/certtools/intelmq/blob/master/docs/Data-Harmonization.md https://github.com/abusesa/abusehelper/blob/master/docs/Harmonization.md BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

2 1

XMPP-Bots
by Dustin Demuth 11 Mar '16

11 Mar '16

Hi Folks, today we created a pull request for an XMPP Collector and an XMPP Output bot. The bots are based on the previous PRs 158 and 197. This can be a first step to create a bridge to abusehelper. BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

1 0

test
by L. Aaron Kaplan 08 Mar '16

08 Mar '16

pls ignore

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

IntelMQ-dev March 2016