SourceFiles.org - Use the Source, Luke

FIRE-WALLER V1.2.1

Written and (C) by Jani Mikkonen (jani@mikkonen.org) Diffs/Bug reports/Suggestions welcome!

OVERVIEW

Fire-Waller is a smallish Perl script that extracts all firewall entries from your syslog and creates an HTML version of them that can be viewed with a browser.

SUPPORTS

Only Linux this time, because the logfile parsing is aimed at firewall logs created by an ipchains-based firewall.
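The parsing step described above, as an added example in Python (not Fire-Waller's own code, which is Perl): it pulls ipchains "Packet log:" entries out of syslog lines and renders them as an HTML table, covering the protocol-number mapping and the ICMP "port" fields that the HISTORY section mentions. The log line layout, the optional redirect port after the action, and the sample lines are assumptions constructed for this example.

```python
import html
import re

# Protocol numbers to names; unknown numbers are shown as the number.
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}

# Assumed line layout (ipchains kernel logging); the redirect port is optional:
#   Packet log: <chain> <action> [port] <iface> PROTO=<n> <src>:<p> <dst>:<p> ...
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+)(?: (?P<redir>\d+))? "
    r"(?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
COLUMNS = ("chain", "action", "iface", "proto", "src", "sport", "dst", "dport")

def parse_line(line):
    """Return the fields of one ipchains log line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    num = int(rec["proto"])
    rec["proto"] = PROTOCOLS.get(num, str(num))
    if num == 1:
        # ICMP has no ports: the two slots carry the ICMP type and code.
        rec["sport"] = "type " + rec["sport"]
        rec["dport"] = "code " + rec["dport"]
    return rec

def to_html(lines):
    """Render the matching lines as an HTML table, escaping every cell."""
    rows = ["<tr>" + "".join(f"<th>{c}</th>" for c in COLUMNS) + "</tr>"]
    for rec in filter(None, map(parse_line, lines)):
        cells = "".join(f"<td>{html.escape(rec[c])}</td>" for c in COLUMNS)
        rows.append(f"<tr>{cells}</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"

# Constructed sample syslog lines (documentation addresses, not real hosts).
SAMPLE = [
    "Nov 21 10:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:4021 192.0.2.10:23 L=60 S=0x00 I=311 F=0x4000 T=52 SYN (#7)",
    "Nov 21 10:00:02 gw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.5:1027 192.0.2.10:137 L=78 S=0x00 I=312 F=0x0000 T=52 (#7)",
    "Nov 21 10:00:03 gw kernel: Packet log: input DENY eth0 PROTO=1 203.0.113.9:8 192.0.2.10:0 L=84 S=0x00 I=313 F=0x0000 T=52 (#7)",
    "Nov 21 10:00:04 gw sshd[412]: Connection closed by 203.0.113.5",
]

if __name__ == "__main__":
    print(to_html(SAMPLE))
```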

REQUIRES

Ipchains firewall

  • Obviously!? This is what we are trying to parse, and most likely you already have one set up if you are reading this file.

Cron - or AT. Well, actually not needed but nice to have.

Perl - obviously, since Fire-Waller was written with it.

INSTALL

Just untar the distribution file, which you have already done if you are reading this. Then edit the first few rows of the script file itself. By default, if you are using basic Red Hat 6.X, you do not need to edit the file at all.

Important notice: By default, the HTML'ed logfile is written to /home/httpd/html/flog.html, and as this is in the root directory of your web server, this might be a security breach. If you wish to keep this location for the output file, you need to modify your Apache config files so that unwanted persons cannot view the file. Check Apache's access.conf for more info.

NEW in version 1.2: Fire-Waller can now be executed as a CGI program. To accomplish this, copy the Perl script (fire-waller.pl) and the shell script (fire-waller.cgi) to the directory on your web server where CGIs are permitted. Refer to your httpd daemon's documentation if you need help on this topic.

BUGS

You tell me ...

FAQ

Go ahead, I'm waiting ...

HISTORY

V1.2.1 (Released 21st of November 2000)

  • Fifth release
    • Crucial bug that puts a shame on me ;) I declared a file as variable and somehow this worked on my test environment, and bug reports started coming in. Sorry for taking so long to fix this, but I have been really busy the last few months with my family and my job.
    • Also applied a user-submitted patch to include redirected packets. I haven't tested it well since my production environment doesn't have redirection rules, so please tell me how this is working and whether I should leave it in Fire-Waller.

V1.2 (Released 13th of November 2000)

  • Fourth Release. No bug fixes, just new features.
    • Added the ability to run Fire-Waller as a CGI. Notice that as you can't pass command-line parameters to CGIs, you have to make a normal shell script that does this for you. An example is provided as fire-waller.cgi. To invoke Fire-Waller as a CGI, pass it the parameter --cgi
    • Noticed that in previous versions, the readme stated that the "pingplotter is distributed" .. while, of course, we were referring to Fire-Waller.

V1.1 (Released 31st of August 2000)

  • Third release. Here's a short summary of what has been done:
    • Fixed a bug in the protocol field. All protocols seemed to be TCP even if they weren't. Thanks go to the Arizona.edu guys for this one!
    • Not a bug at all, but changed one internal variable name from %service to %protocols to make things clearer.
    • Added a timestamp to the html file so you know when the log was created.
    • Added an option not to do reverse name lookups, which speeds up HTML creation dramatically if you are on a slow link. (argument: --nnl aka No Name Lookups)
    • Added a help screen that prints out all available command-line arguments. ( --help & --h )

V1.0 (Released 28th of August 2000)

  • Second release, should be stable now. Fixed a bug in the "To Port" field when the protocol used was ICMP. While the log file says 0 in toport, it didn't parse correctly to the HTML'ed output.

V1.0b (Released 11th of August 2000)

  • First public release after a few weeks of testing and a few total rewrites.

TODO / SUGGESTIONS

  • Create the logfile as smaller chunks so that Netscape won't freeze if you are being portscanned all the time. (E.g. portscan = many entries = big table = Netscape renders tables slowly) (And to date, I haven't decided whether I will ever do this)
  • One user submitted a suggestion that logfiles should be split by date and an index file for these dates created on the fly. This is a very good idea and I will most likely implement it in the next release. (Addition: This will be available in the next version)

LICENSE

Fire-Waller is distributed under the GNU GPL v2. The file "LICENSE" is included in the distribution.


Copyright 2006 Sourcefiles.org All rights reserved.