
Please proofread README.Debian for fwanalog



[ please CC me on replies, I am not on the list ]

Hi,
I partially rewrote the README.Debian provided with fwanalog.

Please proofread it, suggestions welcome.

ciao,	
	ema
	
fwanalog for Debian
===================

GENERAL
-------
This package requires (in order to generate something) that you log all
packets that you reject or drop. This can be accomplished by inserting a
-j LOG before your normal -j DROP or -j REJECT rules. As always,
exercise caution when tampering with your firewall-setup, and check it
for any holes with nmap et al. afterwards.

If you need a firewall-script for iptables with logging-support, I
suggest you try MonMotha's IPTables Firewall at
http://monmotha.mplug.org/firewall/index.php


CONFIG OPTIONS
--------------
There are some important options in /etc/fwanalog/fwanalog.opts you may 
need to check.

logformat:
The log format, which is set to "iptables" by default.
Other valid values are: ipchains, ipf, openbsd, freebsd, solarisipf, 
pf_30, zynos, pix, watchguard, fw1.
For an explanation of these values, see the comments in
/etc/fwanalog/fwanalog.opts

outdir:
The output directory, which is set by default to /var/log/fwanalog. 

Change this value to a /var/www subdirectory (e.g. /var/www/fwanalog) if
you want to be able to access fwanalog results from your webserver.
WARNING: fwanalog output may be analyzed by a potential attacker to guess
your firewall ruleset. It may be a good idea to restrict world access to
this information.

inputfiles_dir, inputfiles_mask:
The directory where the logfiles are located is called "inputfiles_dir" and
is set to /var/log.
fwanalog will process logfiles in this directory that are named as
specified in "inputfiles_mask". This variable is set to "messages*" by
default.

See /usr/share/doc/fwanalog/examples/fwanalog.opts.* for some examples of
common configuration scenarios.


PERMISSIONS
-----------
fwanalog runs as an unprivileged user by default in Debian; remember to 
allow the fwanalog user to write in the directory you choose as fwanalog
output dir.

Also be sure that the fwanalog user is able to read logfiles located 
under "$inputfiles_dir/$inputfiles_mask" (/var/log/messages* by default).


CRON
----
To modify the cronjob behaviour and the output language run the following 
command:
dpkg-reconfigure fwanalog
