IntelMQ-dev

intelmq-dev@lists.cert.at

6 participants
232 discussions

Conf-Call 26.04.16
by Dustin Demuth 26 Apr '16

26 Apr '16

Hey Folks, This are the minutes of today's call. Participants: Sebastian, Aaron, Dustin Topics: _ Pull-Request ContactDB https://github.com/Intevation/intelmq/pull/3/commits/902896a96725ff288419a9… Aaron sent a PR for the Contact DB The Handles are URIs to the API of first.org or TI. * For TI the public service should be used as an example. * In Ripe an ORG-Handle exists Roles: New Table is supposed to model tech-c, abuse-c, etc. AS: ripe_aut_num refers to the the number in RIPE Map Organization to ASN instead of Contacts, bc. this mirrors the RIPE-Data more closely -> Problem: notification intervall per contact is not possible anymore. CONCEPT: Fill a Shadow-Database from ftp://ftp.ripe.net/ripe/dbase/ See tables in split directory _ Contact-DB Classification - This is similar to the incidents' classification in eventDB - Classification will need a little overhaul to reflect the taxonomy _ Newsletter * Sent Newsletter on Friday * Review on Thursday _ Merges from Sebastian * Redis Output Bot was successfully Merged * Several Bugfixes * New Bitsight collector _ Debian-Packages * Use HTTP Apt-Repository from intevation to provide the packages. _ XMPP - Bot * Intevation needs to do some more testing and a quick internal review. But the bot should already work. _ PyASN vs. Other Technologies * See upcoming Blog post _ Linux Standards * Logging: Syslog is currenntly in test * Configuration: runtime.d, bots.d * To think about: start intelmq with systemd in intelmq2 _ "Coding Desaster Contingency Plan" * Intevation and Cert.at will create backups of github repositories on a daily basis. BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

1 0

reminder: intelmq-dev conf call today
by L. Aaron Kaplan 26 Apr '16

26 Apr '16

Dear list members, this is a short reminder: last time we skipped the intelmq-dev conf call since we had the physical meeting in Vienna anyway. This week / this Tuesday we'd like to resume the regular calls. When? Today, 26th of April 2016, 16:00 UTC+2 Dial in-number: please ask me if you plan to attend. (not posting it since this is a public list with a public archive). Best, a.

1 0

Deb Packages for Ubuntu
by Dustin Demuth 25 Apr '16

25 Apr '16

Hey Folks, Sascha has been sucessful in creating *.deb Packages for intelmq and intelmq-manager. They work on Ubuntu 14.04. (with a little bit of tweaking) If you are interested in packages, have a look at: https://github.com/Intevation/intelmq/tree/deb-packaging and https://github.com/Intevation/intelmq-manager We needed to downgrade[1] a bunch of packages in intelmqs setup.py. ** Some testing will be required. ** Some packages are _not_ available in Ubuntu 14.04 but they can be installed from 15.10: - python3-redis_2.10.3-3ubuntu1 - python3-tz_2014.10dfsg1-0ubuntu2 - python3-termstyle_0.1.10-1 - python3-unicodecsv_0.13.0-2 The package intelmq-manager depends on intelmq. The dependency on sudo still exists. Packages do not follow the Debian packaging guidelines. Which must be improved. [1] https://github.com/Intevation/intelmq/commit/81b6af9ef0d08c4c6726e4c4feeaa8… BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

3 5

input for our intelmq newsletter April 2016
by L. Aaron Kaplan 20 Apr '16

20 Apr '16

Hi folks, Dustin and me are starting to collect input for our monthly intelmq newsletter. Please be so kind and send us your input. We write down as much as we know about of course, but I'd be helpful to still get your input upfront. Otherwise it might not be in the newletter. Best, a.

1 0

Current status of XMPP bot
by Roland Geider 16 Apr '16

16 Apr '16

Hello List, as you all probably know, the code for the XMPP bot that was sent upstream was broken, this shouldn't have happened. What we think happened was this: prior to opening the pull request we pulled the commits to another repository and rebased them. During this process we seem to have lost a couple of commits. I will prepare a pull request that fixes these problems. To avoid situations such as this arising in the future we will perform additional tests before sending our code upstream. Best regards, Roland -- Roland Geider | ++49-541-335 083 - 256 | http://www.intevation.de/ Intevation GmbH, 49074 Osnabrück, DE | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

2 1

Monthly newsletter 3/2016
by L. Aaron Kaplan 24 Mar '16

24 Mar '16

= Intelmq-dev-news Issue 3/2016 == Topics == # First Developer News # IHAP meeting in April # Status update Intevation # Status update community == March 2016 == Hi Folks, this is the first issue of intelmq developer news. [[https://github.com/aaronkaplan/|Aaron]] and [[https://github.com/dmth/|Dustin]] plan to send this newsletter on a monthly basis now. We intend to achieve the following: * Generate a "helicopter view" for all developers. Everyone should be capable of knowing what is planned for the next iterations of intelmq and which challenges community and software are currently facing. * Reduce the risk of parallel implementation of features * Foster improvements of the software * Create the possibility to discuss === How to contribute to this newsletter? === -> contact Aaron, Dustin for future input === Rules === In case you feel the urge to discuss a topic of this newsletter (which is what we intend!), please create a new post on this mailing list, in which you refer to this newsletter. For the sake of finding infos quickly: please start a separate thread in this case instead of answering to this mail. Thank you. === Frequency === The planned frequency is one newsletter / month. === Status report Intevation === * Started to created *.deb packages. We "successfully" created *.deb packages for the intelmq-manager. There are some warnings left, for example for the fonts. The core is still work in progress. * We refactored the existing code of the XMPP bot. It still has to be tested with existing feeds. * Currently we are spending most of our time on a local database to store abuse contacts and rules on how to notify them. * We suggest to modify intelmq_psql_initdb.py in order to support PostgreSQLs native JSON data type. * Currently working on a concept for integration tests. * Started to map AbuseHelper and IntelMQ semantics. === Status report Community developments === * python3 only? Currently there is a discussion to drop the support for python2. In case there are no objections until end of March 2016, we will continue and move to python3 only. This simplifies a lot. Last chance to object * [[https://github.com/certtools/intelmq/commit/04ccc93340158cc7f6aaf3900cde78b… csv parser]] by [[https://github.com/robcza|robcza]] * [[https://github.com/certtools/intelmq/pull/455|ftp(s) bot]] submission by [[https://github.com/robcza|robcza]] * thx to [[https://github.com/sebix|sebix]], abusix now seems to support [[https://github.com/certtools/intelmq/commit/e66effaa844977aabe38b1d54227c81…]] * interesting discussion on running bots via cronjob: https://github.com/certtools/intelmq/issues/464 * We would like to change the syntax of intelmqcli to a new format: intelmqctl {start,stop} bot_id. Unless there are major objections we will continue. Note well: this will break compatibility with scripts. * IHAP meeting in April: if you want to attend and have not registered yet, get in contact with Aaron pls. * discussions on how to make intelmq-manager more useful: add events/sec (rate), failed events/sec (failure-rate), total failed events/sec as extra columns in the monitoring page. * if you are using the n6stomp bot, there were some hick-ups upstream. You might have to restart your n6stomp bot. == Planned for April 2016 == === Meeting April === * If you have not registered for the IHAP meeting in April, please do so: [[http://doodle.com/poll/6hmhwahhp9sp2q5c#table|doodle]] * On day two of the meeting we will have a hackathon: we can form small groups and work on specific, nice little tasks. Please think about topics you are interest in. === Intevation === * *.deb packages should exist now. * A local contact database can be used to enrich events with contact information and instructions how they have to be informed. * Input and Output formats: ** X-ARF ** IODEF === Community === * RIPE abuse-c contacts can be done locally. RIPE might be able to export abuse-c infos publicly (fingers crossed). * more command line options for intelmqcli (see the https://github.com/certat/intelmq repo) * activate intelmq.org homepage == Wishlist == * **we need more test-cases!!!** * a specific config logic for ASNs: do this and that (for example sett ttl = 1 month) if event is in ASN xyz. Or "ignore" if event is in ASN xyz. This should support some kind of more-specific-less-specific inheritance, similarly to Apache directory settings. The most specific setting wins. The order could be: country code -> ASN -> netblock -> ip (/32). Open questions: what's more relevant if both domains and numbers (ASN, IPs, net blocks) exist in an event? * block based processing: for example block based team cymru lookups * parallelisation: need to revisit this topic == Communication == Chat: irc #intelmq on freenode or webchat: [[https://webchat.freenode.net/?channels=intelmq]] Weekly Conference Call: Dial in via the known conference bridge number. It is [[https://en.wikipedia.org/wiki/Telephone_number_mapping|ENUM]] enabled. Ask Aaron or Dustin for the number if you want to participate. The next weekly conf call is on March, 30th, 16:00 UTC+1

1 0

Todays Conf-Call
by Dustin Demuth 22 Mar '16

22 Mar '16

Hey Folks, who would join a conf-call today? Possible Topics: * Quality of Data: what is the most reliable source for Country information? Maxmind or NCC? * Developer Newsletter We'd like to test palava.tv (Browser 2 Browser Video) Feel free to join https://palava.tv/intelmq at 16:00 UTC+1 Best Regards Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

4 6

conf call today
by Dustin Demuth 16 Mar '16

16 Mar '16

Hi all, do plans exist for a conference call today? Here is a list of alternatives to Skype: We did not test most of them Based on WebRTC - appear.in - palava.tv (should work) "Classical" Voice - mumble Unknown / Other - zoom.us Best Regards Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

4 12

Legacy Python support - any blockers for dropping it?
by Sebastian Wagner 15 Mar '16

15 Mar '16

Dear community, At our meeting in Osnabrueck, the point about legacy python compatibility came up again. From a developer perspective, dropping support for Legacy Python would be great. As Python now has native unicode support, handling of strings became much easier and unproblematic. Does anyone have concerns or blocking issues about dropping support for the 2.7 series? Current Python 3.x is available on all plattforms. Also, what versions of 3.x are available on your plattform? Currently we run tests for 3.4 and 3.5. Sebastian -- // Sebastian Wagner <wagner(a)cert.at> - T: +43 1 50564167201 // CERT Austria - http://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg

1 0

Abushelper Compatibility
by Dustin Demuth 13 Mar '16

13 Mar '16

Hi, after the XMPP Bots, we'd like to start with a parser for AbuseHelper. In order to do so, Aaron suggested a table which compares intelMQ and AbuseHelper. We'll have a look at the DHO used, and create this table in the next days. https://github.com/certtools/intelmq/blob/master/docs/Data-Harmonization.md https://github.com/abusesa/abusehelper/blob/master/docs/Harmonization.md BR Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

IntelMQ-dev