Honeypots mailing list archives

New Honeynet Project CDROM public release


From: "Earl Sammons" <esammons () hush com>
Date: Thu, 6 Oct 2005 10:43:14 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Honeynet Project and Research Alliance are pleased to announce
the second public release of the "roo" Honeywall CDROM
roo-1.0.hw-189

      ******************************************************
      ***** Please keep in mind this is NOT an upgrade *****
      *****  All data will be overwritten on install   *****
      ******************************************************

It's been a little over 4 months since the initial public release
of roo.  We've fixed _many_ bugs, added a few features and even
taken some things out.  Outlined below are some of the more
significant changes since roo-1.0.hw-139:

o Yum update repository - The Honeynet Project now has a yum update
repository that will contain the latest versions of RPMs maintained
by the Honeynet Project.  No more having to install a new CDROM -
for the latest and greatest, simply run 'yum update'.

o Must now hit "return" to begin installation - Initial boot to the
Honeywall CDROM now pauses at the "Warning" message before
installation begins.  This was done to prevent inadvertent
overwriting of hard disks.

o NAT mode no longer supported - Few people actually used this
feature.  Removing the functionality simplifies things for the
limited number of individuals maintaining roo.

o Numerous updates, fixes, and features added to the Walleye User
Interface to make it easier to use and more powerful for
administration and data analysis, including Snort Rules management
(Snort-Inline rules management is still beta and not fully
functional).

o /etc/honeywall.conf Variable changes (See honeywall.conf file) -
Affects individuals that install roo with a pre-configured
honeywall.conf on floppy.  If you practice this setup method,
please download the latest version of honeywall.conf from the same
location as the ISO.  In an effort to prevent confusion we will
publish the same version of honeywall.conf as included in a given
ISO release, outside of the ISO.

o Converted License to GPL

o roo now blocks outbound web-attacks and InlineReject(p) now works
across the bridge (thanks to William Metcalf).

o By default, you now get a daily summary report via email of all
honeynet activity, including suspicious connections.

o Replaced sendmail with postfix - We were having problems with
sendmail delivering local mail immediately (which is critical for
alerts).  I'm sure, given time, we would have fixed this but
postfix "just works" and we believe it's a better choice than
sendmail for our needs anyway.

o Added reset (every 10 minutes) for failed auth lock-out - If you
have 3 failed logon attempts for any non-root user account (such as
the default 'roo' account) the account will be locked.  We now have
a process that will automatically unlock it after 10 minutes.

o Please report any problems to bugzilla:
https://bugs.honeynet.org/enter_bug.cgi?product=CDROM-roo

o ISO and complete changelog:
http://www.honeynet.org/tools/cdrom/roo/download.html

o Updated user manual:
http://www.honeynet.org/tools/cdrom/roo/manual/index.html


On behalf of the entire CDROM team we would like to thank everyone
that has contributed to this effort over the last 4+ months.  All
of the feedback helps this technology to improve.

Future efforts
===============
Data Capture, Control and Analysis capability are now all integral
parts of roo and are functionally capable of operating well for low
volume deployments.  The next phase of roo development will shift
to a more scalable "Distributed" architecture where Command,
Control, Capture, and Analysis will be possible on a much larger
scale.


With this in mind, roo version "1.0.hw-x" will shift to maintenance
mode while development efforts focus on "Distributed" Architecture.
We will continue to support roo-1.0.hw-x but few, if any, new
features will be added from this point on.


Thanks and enjoy,
Earl Sammons and the rest of the CDROM team
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNFZL4ACgkQk7+e+4lPSm0HGACfbkGqYRjmC4XItlSx1oJpWYryFTEA
njW6xqlEnMigGU6WeZ86YbmsrSbV
=apkT
-----END PGP SIGNATURE-----


