fwanalog for Debian
===================
GENERAL
-------
This package requires, in order to produce any output, that you log all
packets that you reject or drop. This can be accomplished by inserting a
-j LOG rule before your normal -j DROP or -j REJECT rules. As always,
exercise caution when tampering with your firewall setup, and check it
for any holes with nmap et al. afterwards.
If you need a firewall script for iptables with logging support, I
suggest you try MonMotha's IPTables Firewall at
http://monmotha.mplug.org/firewall/index.php
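
A quick way to check that the "-j LOG before -j DROP/REJECT" rule from
above actually holds is to audit the output of iptables-save. The script
below is an added example, not part of the fwanalog package; it works on a
constructed iptables-save sample, and the rule names, log prefix and the
helper names are made up here.

```shell
#!/bin/sh
# Report DROP/REJECT rules that are not immediately preceded by a LOG rule
# with the same match, i.e. packets fwanalog will never get to see.

# Constructed sample of `iptables-save` output: the ssh REJECT is logged
# (rate-limited), the catch-all DROP at the end of INPUT is not.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp --dport 22 -m limit --limit 5/min -j LOG --log-prefix "fw-ssh: "
-A INPUT -p tcp --dport 22 -j REJECT
-A INPUT -j DROP
COMMIT'

# unlogged_terminal_rules: read iptables-save text on stdin and print every
# -j DROP / -j REJECT rule whose match part (everything before -j) is not
# the same as the match part of a LOG rule on the line directly before it.
unlogged_terminal_rules() {
    awk '
      /^-A / {
        target = $0; sub(/.* -j /, "", target); sub(/ .*/, "", target)
        mp = $0; sub(/ -j .*/, "", mp)
        # a rate-limited LOG rule still counts as logging the same traffic
        gsub(/ -m limit --limit [^ ]+( --limit-burst [^ ]+)?/, "", mp)
        if (target == "DROP" || target == "REJECT") {
            if (!(prev_target == "LOG" && prev_mp == mp)) print $0
        }
        prev_target = target; prev_mp = mp
      }
    '
}

# count_unlogged: number of unlogged terminal rules in the sample (1 here).
count_unlogged() {
    printf '%s\n' "$SAMPLE_RULES" | unlogged_terminal_rules | wc -l | tr -d ' '
}
```

Run it against `iptables-save | unlogged_terminal_rules` on a real host; note that it does not follow jumps into user-defined chains, so a LOGDROP-style chain that logs and then drops is reported as unlogged at the jump.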
CONFIG OPTIONS
--------------
There are some important options in /etc/fwanalog/fwanalog.opts that you
may need to check.
logformat:
The log format, which is set to "iptables" by default.
Other valid values are: ipchains, ipf, openbsd, freebsd, solarisipf,
pf_30, zynos, pix, watchguard, fw1.
For an explanation of these values, see the comments in
/etc/fwanalog/fwanalog.opts
outdir:
The output directory, which is set by default to /var/log/fwanalog.
Change this value to a subdirectory of /var/www (e.g. /var/www/fwanalog)
if you want to be able to access fwanalog results from your webserver.
WARNING: fwanalog output may be analysed by a potential attacker to guess
your firewall ruleset. It may be a good idea to restrict world access to
this information.
inputfiles_dir, inputfiles_mask:
The directory containing the logfiles is given by "inputfiles_dir", which
is set to /var/log by default.
fwanalog will process the logfiles in this directory whose names match
the pattern given in "inputfiles_mask". This variable is set to
"messages*" by default.
See /usr/share/doc/fwanalog/examples/fwanalog.opts.* for some examples of
common configuration scenarios.
PERMISSIONS
-----------
fwanalog runs as an unprivileged user by default in Debian; remember to
allow the fwanalog user to write in the directory you choose as the
fwanalog output directory.
Also ensure that the fwanalog user is able to read logfiles located
under "$inputfiles_dir/$inputfiles_mask" (/var/log/messages* by default).
CRON
----
To modify the cronjob behaviour and the output language run the following
command:
dpkg-reconfigure fwanalog