Date: Fri, 28 Jan 2000 17:34:33 -0600 (CST)
From: Gene Harris
To: Cy Schubert - ITSD Open Systems Group
Cc: Brett Glass, The Mad Scientist, freebsd-security@FreeBSD.ORG
Subject: Re: Riddle me this
In-Reply-To: <200001282100.NAA38136@cwsys.cwsent.com>

Ahh, I like what you've done.  However, the purpose of placing stuff
into a separate ipfw file is so I can move it around without dragging
all the kernel messages around as well.  However, I will check out
swatch, and where is the PR you haven't submitted for swatch(3)?
Surely, you need an inexperienced newbie like me to test it? *grin*

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*FreeBSD Novice                                *
*All ORBS.org SMTP connections are denied!     *
*==============================================*

On Fri, 28 Jan 2000, Cy Schubert - ITSD Open Systems Group wrote:

> In message ware.com>, Gene Harris writes:
> > I prefer a slightly different approach.  My syslog.conf file
> > contains the two lines:
> >
> > !ipfw
> > *.*                                     /var/log/ipfw
>
> I use swatch3 (swatch3 and 2 Perl module ports are ready but I haven't
> submitted the PR's yet to have them included in ports).
>
> I use the following .swatchrc to display some messages in red, others
> in blue, and the rest black (or white).
>
> ignore = /ipfw:.* Deny .* blahblah.*/
> ignore = /ipfw:.* Deny .* 10\.blahblah.*/
> watchfor = /refused connect from/
>         echo=red,inverse
>         bell
> watchfor = /ALERT:/
>         echo=red,inverse
>         bell
> watchfor = /Deny TCP blahblah blah blah in via xl0/
>         echo=blue
> watchfor = /Deny TCP blahblah blahblah:113 in via xl0/
>         echo=blue
> watchfor = /Deny TCP blahblah blahblah:80 in via xl0/
>         echo=blue
> watchfor = /ipfw:.* Deny .* in via /
>         echo=red
>         bell
> watchfor = /ipfw:.* Deny .* out via /
>         echo
> ignore = /.*/
>
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
> ITSD
> Province of BC
>                       "COBOL IS A WASTE OF CARDS."
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
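
The rule ordering in the quoted .swatchrc, modelled as an added example that is not part of the original thread and is not swatch's own code: a small Python evaluator that parses the same `ignore`/`watchfor` layout and applies the rules top to bottom. It assumes the first matching rule wins (no `continue` action); the rule file, the documentation-range addresses and the log lines are all constructed.

```python
import re

# Constructed rule file in the .swatchrc style quoted above; the addresses
# are documentation-range placeholders, not values from the thread.
SWATCHRC = r"""
ignore = /ipfw:.* Deny .* 192\.0\.2\.255.*/
watchfor = /refused connect from/
        echo=red,inverse
        bell
watchfor = /Deny TCP .*:113 in via xl0/
        echo=blue
watchfor = /ipfw:.* Deny .* in via /
        echo=red
        bell
watchfor = /ipfw:.* Deny .* out via /
        echo
ignore = /.*/
"""

def parse_rules(text):
    """Return [(kind, compiled_regex, [actions])] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(ignore|watchfor)\s*=\s*/(.*)/$", line)
        if m:
            rules.append((m.group(1), re.compile(m.group(2)), []))
        elif rules:
            rules[-1][2].append(line)  # action line belonging to the last rule
    return rules

def classify(rules, log_line):
    """Assumed model: first matching rule wins; ignore yields None."""
    for kind, pattern, actions in rules:
        if pattern.search(log_line):
            return None if kind == "ignore" else actions
    return None  # no rule matched, so nothing is displayed

# Constructed log lines in the ipfw / "refused connect" style the rules target.
SAMPLE_LOG = [
    "Jan 28 17:01:02 gw /kernel: ipfw: 600 Deny UDP 192.0.2.7:138 192.0.2.255:138 in via xl0",
    "Jan 28 17:01:05 gw /kernel: ipfw: 700 Deny TCP 198.51.100.9:4021 192.0.2.1:113 in via xl0",
    "Jan 28 17:01:09 gw /kernel: ipfw: 900 Deny TCP 198.51.100.9:4022 192.0.2.1:23 in via xl0",
    "Jan 28 17:01:11 gw sshd[411]: refused connect from 198.51.100.9",
    "Jan 28 17:01:15 gw /kernel: ipfw: 950 Deny ICMP 192.0.2.1 203.0.113.4 out via xl0",
    "Jan 28 17:01:20 gw named[90]: starting",
]

if __name__ == "__main__":
    rules = parse_rules(SWATCHRC)
    for entry in SAMPLE_LOG:
        print(classify(rules, entry), "<-", entry)
```

Under this model, moving the broad `in via` rule above the port-113 rule turns the blue ident line into a red alert with a bell, which is why the specific patterns come first and the catch-all `ignore` comes last.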