Honeywall CDROM Download

You can download the Honeywall CDROM Roo from here. It is assumed that you have read and understood all the documentation and that you recognize the issues and risks involved, including those documented in Know Your Enemy: Honeynets. Also, be sure you read and understand the Online User Manual before installing the Honeywall CDROM. Please report all bugs, issues, or vulnerabilities at our Bug Server.

Last Updated: 02 March, 2007

WARRANTY EXCLUSION:
You agree that this software is a non-commercially developed program that may contain "bugs" (as that term is used in the industry) and that it may not function as intended. The software is licensed "as is". The Honeynet Project makes no, and hereby expressly disclaims all, warranties, express, implied, statutory, or otherwise with respect to the software, including non-infringement and the implied warranties of merchantability and fitness for a particular purpose.

LIMITATION OF LIABILITY:
In no event will The Honeynet Project be liable for any damages, including loss of data, lost profits, cost of cover, or other special, incidental, consequential, direct or indirect damages arising from the software or the use thereof, however caused and on any theory of liability. This limitation will apply even if The Honeynet Project has been advised of the possibility of such damage. You acknowledge that this is a reasonable allocation of risk.


Current Version
The current version of the Honeywall CDROM Roo is 1.1. Please report all bugs, issues, or vulnerabilities at our Bug Server.

NOTE: This release is based on Fedora Core 3, which is no longer supported. We are working hard on getting a new release out as soon as possible based on Fedora Core 6.

What Is New

  • Numerous Bug Fixes.
  • Thanks to Sourcefire, the Honeywall CDROM is now distributed with the latest version of the Sourcefire VRT Certified Rules for Snort and Snort_Inline.
  • We added Oinkmaster and Snortconfig to automate Snort (IDS) and Snort-Inline (IPS) rule updates.
  • We updated Snort from version 2.3.3 to 2.6.0.1.
  • We have updated the functionality of Snort-Inline. In versions of Roo prior to version 1.1.hw-1 there were a limited number of IPS rules that were hand-picked for versatility. They were all known to function well with the 'Action' field set to any one of DROP, REJECT, or REPLACE. Now that we are utilizing the entire VRT rule set for both IDS and IPS rules, this is no longer true. We have removed the ability to set all IPS rules to one of DROP/REJECT/REPLACE. Instead, the decision on which action is appropriate for each IPS rule is passed off to 'snortconfig', which was written and is maintained by Brian Caswell, who has written a Snort rule or two.
  • Since the Ethereal core development team is now working on Wireshark, which shares the same code base, we have moved from tethereal 0.10.14 to Wireshark 0.99.3. We really only "require" the mergecap utility, but we also include the very handy CLI capture tool formerly known as tethereal (now tshark).
  • Changed the update process so that, by default, ALL updates for Roo will come from the Honeynet Project yum repo instead of the various independent OS and application repos. This will enable us to test updates before they are received, to ensure that updates don't break Roo. Optionally, you can use the tool 'hwrepoconf' to enable OS / application repos if you desire quicker (but untested) updates as they become available.


Downloads

