Date:         Tue, 4 Jan 2000 08:41:20 -0500
From: Bill Ralph <wralph@NSWC.NAVY.MIL>
Subject:      SHADOW and Y2K Problems
To: BUGTRAQ@SECURITYFOCUS.COM

Version 1.6 of the SHADOW intrusion detection system passed through 1/1/00
with no problems. Those with earlier versions had a problem on their
sensors. Our suggestion is to fetch the latest version of SHADOW (Version
1.6) from http://www.nswc.navy.mil/ISSEC/CID/shadowForm.html and install it.

For the short term, line 22 in start_logger.pl of pre-1.6 versions reads:

$tmp = sprintf("%02d%02d%02d%02d", @T[5],@T[4]+1,@T[3],@T[2]);

Change it to:

$tmp = strftime("%y%m%d%H", @T);

This should keep your SHADOW system functioning until you upgrade to Version
1.6. As a by-product of that upgrade, you will get other worthwhile
improvements:

       Multiple day pattern search.
       Improved sensor scripts.
       Ability to run simultaneous tcpdumps with differing parameter files.
       Improvement in stopping previously started tcpdump.
       Raw data file names now use 4-digit year.
       Automatic archival of Incident Reports.
       Automatic generation of incident report number.
       Removal of obsolete accessories from package.
       Searching improved with abort button.
       New graphics and colors.
       NMAP button included in tool window.
       Four digit years throughout all scripts with backward compatibility.


---------------------------------------
 ___  _  _  _   ___       _       _
| . ><_>| || | | . \ ___ | | ___ | |_
| . \| || || | |   /<_> || || . \| . |
|___/|_||_||_| |_\_\<___||_||  _/|_|_|
Member of NSWC SHADOW Team  |_|
wralph@nswc.navy.mil - (540)653-5593
---------------------------------------
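
The effect of the one-line change above, as an added example that is not part of the original message or of the SHADOW code: it runs both format calls over times on either side of the rollover. It assumes @T holds a localtime() list, which the message does not state; the sub names and sample times are constructed.

```perl
#!/usr/bin/perl
# Added example: compares the pre-1.6 sprintf stamp with the strftime stamp
# across the 1999 -> 2000 rollover. Sub names and sample times are constructed.
use strict;
use warnings;
use POSIX qw(strftime);

# Pre-1.6 form: $T[5] is years since 1900, so it is 99 in 1999 and 100 in 2000.
# "%02d" sets a minimum width, not a maximum, so 100 prints as three digits.
sub legacy_stamp {
    my @T = @_;
    return sprintf("%02d%02d%02d%02d", $T[5], $T[4] + 1, $T[3], $T[2]);
}

# Patched form from the message: %y is the year modulo 100, always two digits.
sub patched_stamp {
    my @T = @_;
    return strftime("%y%m%d%H", @T);
}

# Constructed localtime-style lists: (sec, min, hour, mday, mon, year-1900).
my @samples = (
    [0, 0, 23, 31, 11,  99],   # 1999-12-31 23:00
    [0, 0,  0,  1,  0, 100],   # 2000-01-01 00:00
    [0, 0,  8,  4,  0, 100],   # 2000-01-04 08:00
);

printf "%-10s %-9s %s\n", "legacy", "patched", "legacy width";
for my $t (@samples) {
    my $old  = legacy_stamp(@$t);
    my $new  = patched_stamp(@$t);
    # A stamp that is not exactly 8 digits no longer fits the YYMMDDHH layout.
    my $flag = length($old) == 8 ? "ok" : "not 8 digits";
    printf "%-10s %-9s %s\n", $old, $new, $flag;
}
```

The script loads strftime from the POSIX module itself; a script that calls strftime without that import will fail to compile under strict.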