Re: IP fw-in deny (web-enabled monitor?)
On Sat, Apr 24, 1999 at 12:14:05PM -0400, Paul Tod Rieger wrote:
>
> Or should I filter them out with "grep -v" or such? This leads to
> another question, one more relevant to the list:
>
Just deny them without the "-o" (log) option before the deny-all -o
> Are there any web-enabled apps that would allow me to monitor my server
> from a web browser on another machine? My firewall is also a webserver,
> so I'd like to use that capability to check the console and other logs.
To see e.g. /var/log/messages from a browser I have written a short cgi-bin
script in bash.
As the apache server runs as www-data user (Debian 2.0)
you must add www-data user to the group adm (the one with read access to
the logs in Debian 2.0)
THE SCRIPT:
#!/bin/bash
#
# Frame to show /var/log/messages
#
exec 2>&1 # Redirect errors to stdout ( Thanks to Luis Colorado ;)
# NEXT TWO LINES ARE OBLIGATORY FOR CGI-BIN
echo Content-type: text/plain
echo
echo "/var/log/messages:"
cat /var/log/messages
############################# THE END ##################################
NOTE:
I think this has two disavantages:
1- ANYONE in your lan can read the logs.
2- If someone breaks into your system via the web server he can read the logs...
If you give no web service to inet and your internal network is safe no problem.
- What do you think about this (safety of the toy)?
Best regards,
--
--------------------------------
Manel Marin e-mail: uni00771@pc-internet.com
Linux Powered (Debian 2.0)
--------------------------------
Reply to: