http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&feed=atom&action=history
Firewall, Monitoring - Revision history
2024-03-28T08:59:03Z
Revision history for this page on the wiki
MediaWiki 1.18.0

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=13358&oldid=prev
Jimbo: Reverted edits by 173.88.199.104 (talk) to last revision by Jimbo
2012-08-25T22:09:10Z
<p>Reverted edits by <a href="/index.php/Special:Contributions/173.88.199.104" title="Special:Contributions/173.88.199.104">173.88.199.104</a> (<a href="/index.php?title=User_talk:173.88.199.104&action=edit&redlink=1" class="new" title="User talk:173.88.199.104 (page does not exist)">talk</a>) to last revision by <a href="/index.php/User:Jimbo" title="User:Jimbo">Jimbo</a></p>
<a href="http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=13358&oldid=13128">Show changes</a>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=13128&oldid=prev
173.88.199.104: Blanked the page
2012-08-13T18:50:01Z
<p>Blanked the page</p>
<a href="http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=13128&oldid=13113">Show changes</a>
173.88.199.104

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=13113&oldid=prev
173.88.199.104 at 17:47, 13 August 2012
2012-08-13T17:47:52Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:47, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 247:</td>
<td colspan="2" class="diff-lineno">Line 247:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  }</nowiki></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  }</nowiki></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">[[Category:Common Tasks]]</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Securing FreeBSD]]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">[[Category:Firewall]]</del></div></td><td colspan="2"> </td></tr>
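<tr><td colspan="4">Review bot: this hunk drops both [[Category:Common Tasks]] and [[Category:Firewall]] from the page footer with an empty edit summary, leaving only [[Category: Securing FreeBSD]]; the feed shows the same address blanking the whole page in its next edit and both changes being reverted by Jimbo, so the removal should be treated as part of that vandalism rather than a recategorisation worth keeping.</td></tr>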
</table>
173.88.199.104

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=8572&oldid=prev
Jimbo at 21:36, 21 June 2007
2007-06-21T21:36:15Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:36, 21 June 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 249:</td>
<td colspan="2" class="diff-lineno">Line 249:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Securing FreeBSD]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category: Securing FreeBSD]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Firewall]]</ins></div></td></tr>
</table>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=4754&oldid=prev
Dave at 15:05, 12 December 2005
2005-12-12T15:05:51Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 15:05, 12 December 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 248:</td>
<td colspan="2" class="diff-lineno">Line 248:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category: Securing FreeBSD]]</ins></div></td></tr>
</table>
Dave

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=3398&oldid=prev
Jimbo: prettification, moved logfile permissions gotcha caveat from discussion page to main article
2005-07-18T09:40:14Z
<p>prettification, moved logfile permissions gotcha caveat from discussion page to main article</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 09:40, 18 July 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>I wrote myself a handy little CGI application in Perl to let me monitor my [[ipfw]] firewall from a web browser.  It uses (optional) reverse DNS host lookups for the source IPs of the things you're logging, (optional) service lookups from [[ /etc/services]] for the destination port numbers, and (optional) service override lookups for things that you want to look different in the firewall than in /etc/services.  (I personally like to put attack types and such in the overrides file, WITHOUT necessarily winding up obliterating legitimate services that may also use that particular port in my /etc/services file.)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>I wrote myself a handy little CGI application in Perl to let me monitor my [[ipfw]] firewall from a web browser.  It uses (optional) reverse DNS host lookups for the source IPs of the things you're logging, (optional) service lookups from [[ /etc/services]] for the destination port numbers, and (optional) service override lookups for things that you want to look different in the firewall than in /etc/services.  (I personally like to put attack types and such in the overrides file, WITHOUT necessarily winding up obliterating legitimate services that may also use that particular port in my /etc/services file.)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format <ins class="diffchange diffchange-inline">'''<nowiki></ins>http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz<ins class="diffchange diffchange-inline"></nowiki>''' </ins>here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>One common "gotcha" to remember: if you want this to work from a web browser, you'll need to make sure that your firewall log is readable from the user context of your webserver (in most cases, the user 'www').  Usually you'll want to do this by [[chmod]]ding /var/log/security to 644 - and don't forget to change the value in [[/etc/newsyslog.conf]] as well, or it'll be overwritten the first time your logs rotate!</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>One common "gotcha" to remember: if you want this to work from a web browser, you'll need to make sure that your firewall log is readable from the user context of your webserver (in most cases, the user 'www').  Usually you'll want to do this by [[chmod]]ding /var/log/security to 644 - and don't forget to change the value in [[/etc/newsyslog.conf]] as well, or it'll be overwritten the first time your logs rotate!</div></td></tr>
</table>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=2940&oldid=prev
Jimbo: moving caveat about log permissions to main article
2005-07-18T09:38:14Z
<p>moving caveat about log permissions to main article</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 09:38, 18 July 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">One common "gotcha" to remember: if you want this to work from a web browser, you'll need to make sure that your firewall log is readable from the user context of your webserver (in most cases, the user 'www').  Usually you'll want to do this by [[chmod]]ding /var/log/security to 644 - and don't forget to change the value in [[/etc/newsyslog.conf]] as well, or it'll be overwritten the first time your logs rotate!</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  <nowiki>#! /usr/bin/perl</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  <nowiki>#! /usr/bin/perl</div></td></tr>
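<tr><td colspan="4">Review bot: the caveat added in this hunk recommends chmod 644 on /var/log/security, which makes the firewall log readable by every local account, not only by the 'www' user the web server runs as. A narrower fix is to keep the file at mode 640 and give it a group the web server user belongs to (for example chgrp www /var/log/security), and, as the paragraph already notes for the mode, to record the same owner:group and mode in the file's /etc/newsyslog.conf entry so the next rotation does not undo it. Since the CGI publishes the log's contents (source addresses, ports, rule hits) to whoever can reach the URL, the text should also say that the script belongs behind web server authentication rather than being reachable anonymously.</td></tr>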
</table>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=2939&oldid=prev
Jimbo: added nowiki tag to fix errors in script display
2005-03-17T05:00:31Z
<p>added nowiki tag to fix errors in script display</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 05:00, 17 March 2005</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You can specify alternate logfiles for it to read from the HTTP address, in the format http://youraddress/ipfwparser.cgi?logfile=/var/log/security.0.gz here, if you like.  Don't sweat GZIPped or BZIP2ed logs; as long as you make sure that the locations of [[gzcat]] and [[bzcat]] specified in the config section are correct (and that you are using .gz and .bz2 extensions on any compressed logfiles), it'll handle the compressed logs transparently.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>  #! /usr/bin/perl</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>  <ins class="diffchange diffchange-inline"><nowiki></ins>#! /usr/bin/perl</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  ##</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  ##</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 243:</td>
<td colspan="2" class="diff-lineno">Line 243:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   return scalar(@in);</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   return scalar(@in);</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>  }</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>  }<ins class="diffchange diffchange-inline"></nowiki></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>[[Category:Common Tasks]]</div></td></tr>
</table>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=1920&oldid=prev
Jimbo at 00:30, 15 November 2004
2004-11-15T00:30:10Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:30, 15 November 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 61:</td>
<td colspan="2" class="diff-lineno">Line 61:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  foreach (&lt;FH>) {</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  foreach (&lt;FH>) {</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         chomp();</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         chomp();</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         @templine = split (/ /, $_);</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         @templine = split (/<ins class="diffchange diffchange-inline">\s+</ins>/, $_);</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         # datestamp</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         # datestamp</div></td></tr>
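<tr><td colspan="4">Review bot: the change from split (/ /, $_) to split (/\s+/, $_) is the right fix for syslog input, where single-digit days are padded with two spaces ("Nov  5 ..."); the literal single-space pattern produced an empty element at that position and shifted every later index in @templine, starting with the datestamp fields handled immediately after this line. One remaining assumption worth a comment in the code: split on /\s+/ still returns a leading empty element if a line begins with whitespace, so the field indices rely on every line starting with the month name as syslog writes it.</td></tr>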
</table>
Jimbo

http://www.freebsdwiki.net/index.php?title=Firewall,_Monitoring&diff=649&oldid=prev
Jimbo at 00:52, 14 November 2004
2004-11-14T00:52:32Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 00:52, 14 November 2004</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 244:</td>
<td colspan="2" class="diff-lineno">Line 244:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   return scalar(@in);</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   return scalar(@in);</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  }</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>  }</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Common Tasks]]</ins></div></td></tr>
</table>
Jimbo