Merge pull request #521 from NethServer/master
Suricata release
gsanchietti committed Jul 14, 2020
2 parents 2dd4389 + 2011d3f commit 9840eda
Showing 4 changed files with 23 additions and 26 deletions.
29 changes: 21 additions & 8 deletions administrator-manual/en/suricata.rst
Expand Up @@ -28,7 +28,7 @@ Suricata is configured to use free rules from https://rules.emergingthreats.net/

Rules are divided into categories listed below.

Activex
ActiveX
Attacks and vulnerabilities(CVE, etc.) regarding ActiveX.

Attack Response
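Review bot: the context line right under the corrected heading, `Attacks and vulnerabilities(CVE, etc.) regarding ActiveX.`, is missing the space before the parenthesis; since this hunk already touches the ActiveX entry, change it to `Attacks and vulnerabilities (CVE, etc.) regarding ActiveX.` in the same commit.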
Expand All @@ -38,7 +38,7 @@ Attack Response
compromise may have happened.

Botcc (Bot Command and Control)
These are autogenerated from several sources of
These are auto-generated from several sources of
known and confirmed active Botnet and other Command and Control hosts. Updated daily,
primary data source is Shadowserver.org. Bot command and control block rules generated
from shadowserver.org, as well as spyeyetracker, palevotracker, and zeustracker. Port
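Review bot: the hyphenation fix is fine, but the rest of the paragraph is a run-on that deserves the same attention: `Updated daily, primary data source is Shadowserver.org.` splices two clauses with a comma, and the sentence that follows, `Bot command and control block rules generated from shadowserver.org, as well as spyeyetracker, palevotracker, and zeustracker.`, has no main verb. Suggest `Updated daily; the primary data source is Shadowserver.org. Block rules are generated from shadowserver.org as well as from spyeyetracker, palevotracker and zeustracker.`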
Expand All @@ -57,7 +57,7 @@ CIArmy

Compromised
This is a list of known compromised hosts, confirmed and updated daily
as well. This set varied from a hundred to several hunderd rules depending on the data
as well. This set varied from a hundred to several hundreds rules depending on the data
sources. This is a compilation of several private but highly reliable data sources. Warming:
Snort does not handle IP matches well load-wise. If your sensor is already pushed to the
limits this set will add significant load. We recommend staying with just the botcc rules in a
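Review bot: the replacement line still reads `several hundreds rules`; the grammatical form is `several hundred rules`. Two more defects in the same paragraph are left untouched: `Warming:` on the following line is a typo for `Warning:`, and the warning itself (`Snort does not handle IP matches well load-wise`, `We recommend staying with just the botcc rules`) is the upstream Emerging Threats category text written for Snort, in ET's first person. Either reword it for Suricata or state once that the category descriptions are quoted from ET, so readers do not take the Snort advice as NethServer's own.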
Expand All @@ -68,7 +68,7 @@ Current Events
exploit kits and malware that will be aged and removed quickly due to the short lived
nature of the threat. High profile items that we don’t expect to be there long—fraud
campaigns related to disasters for instance. These are rules that we don't intend to keep in
the ruleset for long, or that need to be tested before they are considered for inclusion. Most
the rule set for long, or that need to be tested before they are considered for inclusion. Most
often these will be simple sigs for the Storm binary URL of the day, sigs to catch CLSID's of
newly found vulnerable apps where we don't have any detail on the exploit, etc.

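Review bot: replacing `ruleset` with `rule set` works against the established term; Suricata and Emerging Threats documentation and the `suricata-update` tooling write `ruleset` as one word. Keep `ruleset` here and in the Trojan entry further down, where the same substitution is made. While this paragraph is being edited, its apostrophes are inconsistent (`we don’t expect` with a curly quote, `we don't intend` with a straight one); pick one form.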
Expand Down Expand Up @@ -100,7 +100,7 @@ Dshield
Exploit
Exploits that are not covered in specific service category. Rules to detect direct
exploits. Generally if you're looking for a windows exploit, Veritas, etc, they'll be here.
Things like SQL injection and the like, whie they are exploits, have their own category.
Things like SQL injection and the like, while they are exploits, have their own category.

Files
Example rules for using the file handling and extraction functionality in Suricata.
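Review bot: besides the `whie` fix, the two lines above it need small corrections: `not covered in specific service category` should read `not covered in a specific service category`, and `a windows exploit` should capitalize `Windows`.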
Expand Down Expand Up @@ -173,7 +173,7 @@ Shellcode
If successfully executed, the shellcode can provide the attacker access to the target machine
across the network. Remote shellcodes normally use standard TCP/IP socket connections
to allow the attacker access to the shell on the target machine. Such shellcode can be
categorised based on how this connection is set up: if the shellcode can establish this
categorized based on how this connection is set up: if the shellcode can establish this
connection, it is called a "reverse shell" or a connect-back shellcode because the shellcode
connects back to the attacker's machine.

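Review bot: the `categorised` to `categorized` change moves this entry to US spelling; together with `auto-generated` and `rule set` elsewhere in this PR that amounts to a spelling convention, so check the rest of the file for remaining British forms rather than fixing one occurrence. The sentence being edited also sets up a classification by how the connection is made but names only one branch, the reverse (connect-back) shell; the other branch, shellcode that opens a listening port on the target for the attacker to connect to (a bind shell), is missing, so the `if` reads as an unfinished thought. Add the second case or drop the classification.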
Expand Down Expand Up @@ -204,15 +204,15 @@ TFTP
rules detecting basic activity of the protocol for logging purposes.

TLS-Events
Rules for matching on TLS events and anomal
Rules for matching on TLS events and anomalies

TOR
IP Based rules for the identification of traffic to and from TOR exit nodes.

Trojan
Malicious software that has clear criminal intent. Rules here detect malicious
software that is in transit, active, infecting, attacking, updating, and whatever else we can
detect on the wire. This is also a highly important ruleset to run if you have to choose.
detect on the wire. This is also a highly important rule set to run if you have to choose.

User Agents
User agent identification and detection.
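Review bot: the corrected line `Rules for matching on TLS events and anomalies` still lacks the terminal period that every other category description in this list has. Two consistency points in the same hunk: `TOR` is the project's name, written `Tor`, and `rule set` repeats the two-word form introduced in the Current Events hunk, whereas the one-word `ruleset` is the term Suricata and Emerging Threats use.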
Expand All @@ -233,7 +233,20 @@ Web Specific Apps
WORM
Traffic indicative of network based worm activity.

Bypass
======

The bypass disables IPS protection for selected hosts: all traffic from/to the given host will not be analyzed.

To create a bypass access the new Server Manager and open the :guilabel:`IPS` application, then go to the :guilabel:`Bypass`
page and click on :guilabel:`Add bypass` button.

Fill the :guilabel:`Bypass` field and click on :guilabel:`Save` button. The :guilabel:`Bypass` field supports:

- host objects
- host groups objects
- IP range objects
- raw IP addresses

EveBox
======
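Review bot: the new Bypass section documents how to switch IPS inspection off for a host but says nothing about the consequence: `all traffic from/to the given host will not be analyzed` means a bypassed host is neither protected nor watched, so if it is compromised its attacks on the rest of the network produce no alerts. Add a caution that bypasses should be limited to hosts with a concrete need (a vulnerability scanner or backup server that trips signatures, for instance), reviewed periodically, and not applied to IP range objects without a reason. Also state whether bypassed traffic is still logged, and therefore visible in EveBox in the next section, or skipped entirely. Smaller points: `host groups objects` should read `host group objects`, and `the new Server Manager` will go stale; drop `new`.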
20 changes: 2 additions & 18 deletions administrator-manual/en/webtop5.rst
Expand Up @@ -663,7 +663,7 @@ The public image just uploaded will be able to recall it in the HTML editor of t
The personal mailcard can be associated with the user or his email:
by associating it by email it will also be possible to share the mailcard to other users with whom the identity is shared.

By accessing the settings from the WebTop administrator panel you can also set a general domain mailcard that will be automatically set for all users who have not configured their personal mailcard:
By accessing the user settings from the WebTop administration panel ( :menuselection:`Domains --> NethServer --> Users --> Right click on user` ) it is also possible to set up a general domain mailcard that will be automatically set for all users who have not configured their personal mailcard.:

.. image:: _static/webtop-domain_mailcard.png

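Review bot: the rewritten sentence ends with `mailcard.:`, a stray colon left over from the old sentence that introduced the image; end it with a single period, or keep only the colon if the image is meant to follow directly. The `:menuselection:` role also carries spaces inside the parentheses, `( :menuselection:`...` )`, which render as visible gaps; close them up. Finally, `NethServer` in that path is a WebTop domain name; if it is the default name the NethServer integration creates, say so, otherwise a reader with a different domain name will not find the menu.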
Expand All @@ -673,7 +673,7 @@ Furthermore, it will also be possible to modify personal information:

that can be used within the parameterized fields within the domain mailcard editor:

.. image:: _static/webtop-domain_mailcard.png
.. image:: _static/webtop-mailcard_editor.png

In this way it is possible to create a single mailcard that will be automatically customized for every user who does not use his own mailcard.

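Review bot: good catch replacing the duplicated `webtop-domain_mailcard.png` reference with `webtop-mailcard_editor.png`; make sure that image is actually part of this PR. The commit reports four changed files and this page renders only the two `.rst` files, so the two it cannot display are presumably the screenshots; confirm one of them is `_static/webtop-mailcard_editor.png`, otherwise the build emits a missing-image warning and the editor screenshot is blank.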
Expand Down Expand Up @@ -810,22 +810,6 @@ Full administration of user settings is available directly in the administration

It is also possible to make a massive change of the email domain of the selected users: select the users (Click + CTRL for multiple selection) to which you want to apply this change then right-click on :guilabel:`Bulk update email domain`.

SMTP setting
============

The default configuration for sending mail to the SMTP server is anonymous and without encryption on port 587.
It is possible to enable authenticated sending in this way: ::

config setprop webtop SmtpAuth enabled
to enable encryption also: ::

config setprop webtop SmtpStarttls enabled
To apply the new settings launch this event which will also restart the application: ::

signal-event nethserver-webtop5-update

Changing the logo
=================

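Review bot: deleting the SMTP setting section removes the only documented way to enable authenticated submission (`config setprop webtop SmtpAuth enabled`) and STARTTLS (`config setprop webtop SmtpStarttls enabled`), and the deleted text itself states that the default is anonymous and unencrypted on port 587. If that default has changed, or the properties no longer exist, say so in a sentence instead of letting the section disappear silently; if they still exist, an administrator now has no documented path to encrypted, authenticated mail submission from WebTop. The commit message (`Suricata release`) does not explain why a WebTop section is touched at all, so the motivation belongs in the PR description or in the replacement text.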

0 comments on commit 9840eda
